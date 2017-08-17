Growing numbers of businesses now let customers pay for their transactions at the checkout line using their smartphones or wearable devices.



While the number of these digital wallets remains relatively small, it’s on the upswing. Instead of carrying around a traditional wallet with cash and credit and debit cards, consumers can leave all that at home. Instead, they can make electronic payments from devices linked to their banks or through apps like Apple Pay, Android Pay (formerly Google Wallet) and Samsung Pay.



A recently published Federal Reserve Bank study found that the number of payments made with a smartphone increased from 0.3 billion payments in 2012 to 1.3 billion in 2015, an increase of nearly 72 percent per year. And in what may prove to be a further harbinger for the prospects of digital wallets, among Millennials, about 21 percent no longer carry or use cash to make their purchases.

New t echnology, old a ttack r outines



Despite lingering distrust among cybersecurity experts of the technology, layers of protection defend digital wallets against identity theft. A store isn’t able to view personal account numbers when customers use their digital wallets. What’s more, individual codes get generated by customers’ phones during each transaction, offering further protection against identity theft. Account information is encrypted and can only be accessed using a password or, with certain mobile devices, someone’s fingerprint.



However, tech history is littered with examples of technological innovations that have created new security vulnerabilities that malicious hackers exploited for their own ends.



As more employ their mobile phones at work, IT needs to prepare for the likelihood that a (growing) number of employees will also be using their devices as digital wallets. And just as malicious hackers deploy phishing and social engineering ruses, security practitioners must assume that the bad guys will similarly try to hack into your network by targeting mobile wallet users.



They can expect to see a familiar playbook — because it works. As the AT&T Cybersecurity Insights report points out, the challenges involved when it comes to mobile range from Wi-Fi hot spots that aren’t under the control of your network administrators to negligent or naïve employees who ignore security protocols.



Because the digital wallet business is a relatively young sector, standards are still being worked out. That’s left digital wallet payment providers and digital wallet payment developers on their own to define security standards.



Until the industry coalesces around uniform security standards, however, the onus will fall on organizations to protect themselves and their customers. In the short term, that means investing in a multilayered approach and enforcing the same basic security routines and proactive countermeasures used to mitigate the risks of specific attack vectors targeting mobile.



It also requires organizations to enforce security procedures, including two-factor authentication, data encryption and regular software patching as part of a balanced defense to address the vast majority of known threats. You can read more here about how AT&T recommends going about meeting that challenge.