Nov. 8, 2016, is etched in my memory as the day the Indian government made a life-changing announcement regarding demonetization. With higher value currency being made invalid for transactions, my fancy Michael Kors wallet faced a sudden existential crisis.

While the early days of demonetization brought a mad scramble to ATMs and banks, mobile wallet providers have been laughing their way to the bank ever since. With cash being limited, a lot of people have been turning to mobile wallets to make all kinds of transactions.

Why I Ditched My Designer Wallet for a Mobile Wallet

Despite being wary of mobile wallets, I resorted to a cashless transaction facility other than internet banking, and why not? It turned out to be convenient than carrying cash around.

A mobile wallet is a mobile application that enables customers to preload money or link their debit accounts to be used for transactions at retail stores, bill payments and more. This is certainly easier to carry than my physical wallet, which was bulky and occupied too much space in my bag. In additional to popular private vendors such as PayTM, MobiKwik and Citrus, banks have also joined the mobile wallet bandwagon.

Security Risks Remain a Concern

While a mobile wallet is convenient and immune to many risks associated with credit cards, it is still as vulnerable to mobile security threats as any other application. Mobile security is critical as bring-your-own-device (BYOD) policies are slowly becoming the norm. Organizations need to ensure that any mobile device connecting to their networks is compliant and that critical business information on the device is secure.

Below are some of the most common risks associated with mobile wallets.

Unencrypted Data

A mobile wallet transmits data over a wireless network, making it vulnerable to the dangers common to such transactions. For example, consumers conducting transactions over unsecure public Wi-Fi networks are vulnerable to snooping cybercriminals since their data is likely not encrypted. Encryption protects data in transit or stored on devices by ensuring that unauthorized third parties cannot access critical information.

Excessive Access

India is the world’s second largest smartphone market with more than 200 million users, according to Counterpoint Research. Businesses are attempting to capitalize on this market by introducing mobile applications for virtually every service imaginable.

Given the number of applications that already exist on the average user’s phone, it is fair to reason that customers are used to blindly accepting permission requests from applications during installation. An app might request access to the device ID, location services, camera or SMS. A rogue application with too much access to critical information on your device could cause serious problems, but a digital wallet can help safeguard much of this data.

Lost Devices and Weak Passwords

In the case of a lost or stolen mobile device, a customer stands to lose a lot of information. The best way to protect this data is to use strong passwords or biometric authentication. Most mobile wallets allow access to the account from anywhere, which enables customers to block access to applications on a lost device before a potential fraudster can do any damage.

Personal Liability

The greatest risk consumers face when using mobile wallets is personal liability. Users are responsible for any loss of money or information in the event of a breach. Mobile wallet fraud is not protected by insurance.

Mitigating Mobile Wallet Fraud

Though I am still very protective of my designer wallet, I am developing a more cautious attitude toward my mobile wallet as well. Here are a few steps consumers should take to remain a step ahead of cybercriminals looking to pick their digital pockets:

  • When selecting a mobile wallet application, consider which vendor provides the best security features.
  • Invest in a good antivirus solution for your mobile device.
  • Use strong passwords or biometric authentication.
  • Download applications from reputed stores only and be mindful of permissions requests.

More than two months have passed since the demonetization rule was enforced, and people have already begun to see the advantages of using mobile wallets. It’s time to take it a step further and ensure the security of our personal and sensitive information.

Watch the on-demand webinar: Shielding Mobile Apps from Critical Vulnerabilities

More from Endpoint

Self-Checkout This Discord C2

This post was made possible through the contributions of James Kainth, Joseph Lozowski, and Philip Pedersen. In November 2022, during an incident investigation involving a self-checkout point-of-sale (POS) system in Europe, IBM Security X-Force identified a novel technique employed by an attacker to introduce a command and control (C2) channel built upon Discord channel messages. Discord is a chat, voice, and video service enabling users to join and create communities associated with their interests. While Discord and its related software…

3 Reasons to Make EDR Part of Your Incident Response Plan

As threat actors grow in number, the frequency of attacks witnessed globally will continue to rise exponentially. The numerous cases headlining the news today demonstrate that no organization is immune from the risks of a breach. What is an Incident Response Plan? Incident response (IR) refers to an organization’s approach, processes and technologies to detect and respond to cyber breaches. An IR plan specifies how cyberattacks should be identified, contained and remediated. It enables organizations to act quickly and effectively…

Deploying Security Automation to Your Endpoints

Globally, data is growing at an exponential rate. Due to factors like information explosion and the rising interconnectivity of endpoints, data growth will only become a more pressing issue. This enormous influx of data will invariably affect security teams. Faced with an enormous amount of data to sift through, analysts are feeling the crunch. Subsequently, alert fatigue is already a problem for analysts overwhelmed with security tasks. With the continued shortage of qualified staff, organizations are looking for automation to…

Threat Management and Unified Endpoint Management

The worst of the pandemic may be behind us, but we continue to be impacted by it. School-aged kids are trying to catch up academically and socially after two years of disruption. Air travel is a mess. And all businesses have seen a spike in cyberattacks. Cyber threats increased by 81% while COVID-19 was at its peak, with 79% of all organizations experiencing a loss of business operations during that time. The risk of cyberattacks increased so much that the…