I hear it a lot: “I’m NEVER using a mobile wallet. That’s so unsafe! Anyone could just take all my bank information from the air or something and run off with it.”
Never mind that you routinely leave your phone laying out with your bank app logged in and your camera app, filled with all those embarrassing selfies and attempts at duckface, open like it’s no big deal.
People are really attached to the idea of hard plastic. Maybe it’s the smell of the leather and pocket crumbs as they open their wallet or the fun of rummaging through four compartments to try and come up with exact change, but people just don’t want to give up their wallets. Despite the fact that everyone I have ever met has lost their wallet or credit card, or chased after their cash that got loose in the wind, they all insist I’m the crazy one for wanting to be able to keep everything on my phone, an object which I have never lost except in my couch.
If you’re on Team Physical Wallet, allow me to disillusion you for a moment. Physical wallets are CRAZY unsafe. Like, you really should be as paranoid as Taylor Swift is about everything when it comes to your leather-bound plastic and cash.
Why? Let me take you through the myths.
Myth #1: Wallets stay on (or near) your body.
As previously mentioned, your wallet, and the contents therein, is SUPER easy to lose. I can’t find hard numbers on anything, but given my own personal experience, as well as probability, it is easier to misplace your wallet or credit cards than it is your phone. The average person checks their phones 110 times a day. That’s every eight minutes if you get eight hours of sleep a night! Comparatively, you probably only check for your wallet if you’re about to pay for something, maybe if you’re about to leave somewhere and maybe if you get concerned you don’t remember where it is. For me – that’s three-ish times a day.
All that to say: If you forget your phone somewhere, you know nearly immediately. You don’t get far in eight minutes. Your wallet… well that could be missing for hours before you notice and by that point you don’t know if you left it at the pool, the gym, the grocery store or your house. Additionally, the likelihood that it’s been taken by someone else during that time is a lot higher.
Myth #2: If you have your wallet, no one can steal from you.
Most people will agree with me on the previous point. Wallets get lost, sure. It’s a fact of life. But if you keep your wits about you all the time and check to make sure you have your wallet when you leave a public location you’ll be totally fine, right? Wrong.
Let me start by telling you about my experience as a sales associate at a national retail chain. I came into contact with tens of thousands of credits cards in the years that I worked there. Easily 100+ cards a day on a good day. In a single average transaction, I had time to memorize a card number, expiration date and CVV code, especially if there was a pattern to the numbers. I could very easily have stalled the transaction to allow me to write the numbers down without being noticed.
I and my coworkers also frequently took sales over the phone in which people would happily and blindly give all their pertinent info over the phone – sometimes we even took social security numbers (for the store cards). And here’s the scariest part: my coworkers would typically write all this information down to ring the sale later. Then this sensitive information would be sitting around on our sales desk for a while, for anyone to walk off with. Additionally, I frequently didn’t write the information down, but would ring right there. My memory is good enough, though, that if the sale didn’t go through and I’d already hung up, I could re-ring the sale with the card number from memory. Our customers really had no clue how lucky they were that we were trustworthy women with no intention of ever using their cards.
And that is a pretty average experience for a sales associate. Scared yet? That’s not even the end of it. Your card number is out there in tons of locations. There are a number of ways thieves can steal your card information by hacking retail stores.
- Magnetic stripes are really easy to read, given that it’s simply the straightforward card information, barely encrypted and readable by any magnetic scanner. Thieves can easily tinker with card swipers in order to directly take information out of them. They do this by physically tinkering with the card swiper, or hacking into the software that runs the swiper.
- Retailers also keep card information stored in databases – whether in order to make the payment process easier in the future, or to run payments in batches. These databases are also susceptible to hacks.
It’s also very easy to set up a virus on a personal computer that takes your payment information as you type it in online. And we haven’t even mentioned wireless credit card readers that can steal your data through your pocket and wallet.
Myth #3: A card has a lot of security features that prevent it from being useable once someone steals it.
It’s easy to get around security features on credit cards. Sales associates, as I mentioned, can easily take all the necessary information to ring a sale. Getting a PIN is as easy as watching someone type it in. (Yes, even you, hand-shelter-er’s. Just because you’re shading the number pad doesn’t mean I can’t see which numbers you’re typing in.) Even if you write “See ID” on the back of your card, most sales associates aren’t going to check that. And while you may rebuke sales associates when they don’t read that line, I can assure that the person who stole your card won’t. A physical card really is just about as safe as a dollar bill with your name written on it.
How mobile wallets are safer
So those are the three big myths about the safety of physical wallets. I hope you’re not too paranoid now. Let’s talk about how mobile wallets address these problems and what kind of security exists for mobile wallets.
1. Each transaction is carefully encrypted.
During a transaction from a mobile wallet your bank information is never vulnerable, unlike with a standard magnetic card reader. With a mobile wallet, your phone carefully encrypts your account information (notably NOT your bank, card or other payment information), which the POS then reads through near field communication (NFC). NFC is technology that enables devices to establish a radio communication with each other when they are within a certain small distance. The POS does not read the information, rather, it sends it first to the mobile wallet provider, who de-encrypts the information, sees which account you’re looking to access, and checks your identifying information. Once the provider has satisfactorily proven you are who you say you are, they send along your card information to your payment processor who is the one to actually access your bank information and request that your bank send the money back to them. The payment processor then sends your money along to the store’s bank and alerts the POS that the transaction has been completed.
Unlike a credit card transaction, your payment information is never vulnerable physically in the store. The several steps that the payment has to go through make it difficult for hackers, essentially forcing them to hack the very secure payment processors, as the retailer never actually touches your payment information. A situation like the Target hack would simply be impossible in this system because Target would never be in possession of your data, even at the time of payment.
Many people still fear that someone could take their encrypted data from the NFC, which is actually a slight possibility. However, the data is encrypted so even if they do get it, it will be completely unreadable to them. And if, through some miracle, they could decode what your phone sent, all they would actually get is your wallet provider information which they cannot make payments with, not your card or bank information. Additionally, the encryption that is sent through the NFC is a dynamic encryption. That means your phone generates a new encryption for each transaction. Someone could not simply crack a single encryption and run around paying for things with your mobile wallet, the way they can with a credit card.
2. There’s security for lost phones.
Now, I made the claim above that it’s harder to lose you phone than it is your wallet. I didn’t say you couldn’t lose your phone. And your phone can be stolen. So your phone could be compromised like a physical wallet. The good news is: there are measures that both your phone and most mobile wallets have put in place.
- First, your phone can (and should) be passcoded. If it has biometric security features like the iPhone’s fingerprint unlock, that can also be enabled.
- Additionally, your mobile wallet can be further pass-protected so a thief would have to crack at least two passcodes. And phone protection functionality is getting even better – facial recognition technology is right around the corner, for instance.
However, it’s not really these measures that make mobile wallets safer.
The real thing that makes these safer is the fact that you can go into your mobile wallet provider account from anywhere and turn your mobile payment app off remotely. That way anyone who steals your phone can’t use the app.
Apple phones even allow you to deactivate and wipe the whole phone in the event of a theft or loss. This is not something you can do for physical wallets. Any cash you had is gone, and you have to call your cards up one by one and go through an arduous identification and shutting-off process in order to cancel your cards. If you carry around your social security number, or maybe checks, your bank information and social security number is also gone forever. This is not the case with a lost or stolen phone.
What do you think?
Ultimately, mobile wallets eliminate the risk that checkout poses to credit cards. Certainly, they’re not flawless – nothing ever is – but the security features phones possess are much stronger than the security features invented in the 1980s that credit cards have. In my opinion, the biggest argument against mobile wallets is the fact that if your phone runs out of charge, you can’t buy more Taylor Swift albums until you plug it in again. But that’s a discussion for a different post.
Images and Charts by Abby Kahler
Looking for Point of Sale software? Check out Capterra's list of the best Point of Sale software solutions.