Nov. 8, 2016, is etched in my memory as the day the Indian government made a life-changing announcement regarding demonetization. With higher value currency being made invalid for transactions, my fancy Michael Kors wallet faced a sudden existential crisis.

While the early days of demonetization brought a mad scramble to ATMs and banks, mobile wallet providers have been laughing their way to the bank ever since. With cash being limited, a lot of people have been turning to mobile wallets to make all kinds of transactions.

Why I Ditched My Designer Wallet for a Mobile Wallet

Despite being wary of mobile wallets, I resorted to a cashless transaction facility other than internet banking, and why not? It turned out to be more convenient than carrying cash around.

A mobile wallet is a mobile application that enables customers to preload money or link their debit accounts to be used for transactions at retail stores, bill payments and more. This is certainly easier to carry than my physical wallet, which was bulky and occupied too much space in my bag. In addition to popular private vendors such as PayTM, MobiKwik and Citrus, banks have also joined the mobile wallet bandwagon.

Security Risks Remain a Concern

While a mobile wallet is convenient and immune to many risks associated with credit cards, it is still as vulnerable to mobile security threats as any other application. Mobile security is critical as bring-your-own-device (BYOD) policies are slowly becoming the norm. Organizations need to ensure that any mobile device connecting to their networks is compliant and that critical business information on the device is secure.

Below are some of the most common risks associated with mobile wallets.

Unencrypted Data

A mobile wallet transmits data over a wireless network, making it vulnerable to the dangers common to such transactions. For example, consumers conducting transactions over unsecure public Wi-Fi networks are vulnerable to snooping cybercriminals since their data is likely not encrypted. Encryption protects data in transit or stored on devices by ensuring that unauthorized third parties cannot access critical information.

Excessive Access

India is the world’s second largest smartphone market with more than 200 million users, according to Counterpoint Research. Businesses are attempting to capitalize on this market by introducing mobile applications for virtually every service imaginable.

Given the number of applications that already exist on the average user’s phone, it is fair to reason that customers are used to blindly accepting permission requests from applications during installation. An app might request access to the device ID, location services, camera or SMS. A rogue application with too much access to critical information on your device could cause serious problems, but a digital wallet can help safeguard much of this data.

Lost Devices and Weak Passwords

In the case of a lost or stolen mobile device, a customer stands to lose a lot of information. The best way to protect this data is to use strong passwords or biometric authentication. Most mobile wallets allow access to the account from anywhere, which enables customers to block access to applications on a lost device before a potential fraudster can do any damage.

Personal Liability

The greatest risk consumers face when using mobile wallets is personal liability. Users are responsible for any loss of money or information in the event of a breach. Mobile wallet fraud is not protected by insurance.

Mitigating Mobile Wallet Fraud

Though I am still very protective of my designer wallet, I am developing a more cautious attitude toward my mobile wallet as well. Here are a few steps consumers should take to remain a step ahead of cybercriminals looking to pick their digital pockets:

  • When selecting a mobile wallet application, consider which vendor provides the best security features.
  • Invest in a good antivirus solution for your mobile device.
  • Use strong passwords or biometric authentication.
  • Download applications from reputable stores only and be mindful of permission requests.

More than two months have passed since the demonetization rule was enforced, and people have already begun to see the advantages of using mobile wallets. It’s time to take it a step further and ensure the security of our personal and sensitive information.
