Nov. 8, 2016, is etched in my memory as the day the Indian government made a life-changing announcement regarding demonetization. With higher value currency being made invalid for transactions, my fancy Michael Kors wallet faced a sudden existential crisis.

While the early days of demonetization brought a mad scramble to ATMs and banks, mobile wallet providers have been laughing their way to the bank ever since. With cash being limited, a lot of people have been turning to mobile wallets to make all kinds of transactions.

Why I Ditched My Designer Wallet for a Mobile Wallet

Despite being wary of mobile wallets, I resorted to a cashless transaction facility other than internet banking, and why not? It turned out to be more convenient than carrying cash around.

A mobile wallet is a mobile application that enables customers to preload money or link their debit accounts to be used for transactions at retail stores, bill payments and more. This is certainly easier to carry than my physical wallet, which was bulky and occupied too much space in my bag. In addition to popular private vendors such as PayTM, MobiKwik and Citrus, banks have also joined the mobile wallet bandwagon.

Security Risks Remain a Concern

While a mobile wallet is convenient and immune to many risks associated with credit cards, it is still as vulnerable to mobile security threats as any other application. Mobile security is critical as bring-your-own-device (BYOD) policies are slowly becoming the norm. Organizations need to ensure that any mobile device connecting to their networks is compliant and that critical business information on the device is secure.

Below are some of the most common risks associated with mobile wallets.

Unencrypted Data

A mobile wallet transmits data over a wireless network, making it vulnerable to the dangers common to such transactions. For example, consumers conducting transactions over unsecure public Wi-Fi networks are vulnerable to snooping cybercriminals since their data is likely not encrypted. Encryption protects data in transit or stored on devices by ensuring that unauthorized third parties cannot access critical information.

Excessive Access

India is the world’s second largest smartphone market with more than 200 million users, according to Counterpoint Research. Businesses are attempting to capitalize on this market by introducing mobile applications for virtually every service imaginable.

Given the number of applications that already exist on the average user’s phone, it is fair to reason that customers are used to blindly accepting permission requests from applications during installation. An app might request access to the device ID, location services, camera or SMS. A rogue application with too much access to critical information on your device could cause serious problems, but a digital wallet can help safeguard much of this data.
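One way to review the permission requests described above, as an added example that is not part of the original article: a Python script that reads a decoded AndroidManifest.xml and reports which of the four kinds of access named here (device ID, location, camera, SMS) an app requests. The mapping to Android permission names, the sample manifest and the `expected_categories` parameter are assumptions made for illustration.

```python
import xml.etree.ElementTree as ET

ANDROID_NS = "{http://schemas.android.com/apk/res/android}"

# Assumed mapping from the article's four kinds of access to Android
# platform permissions (short names under android.permission.*).
CATEGORIES = {
    "device ID": {"READ_PHONE_STATE"},
    "location": {"ACCESS_FINE_LOCATION", "ACCESS_COARSE_LOCATION",
                 "ACCESS_BACKGROUND_LOCATION"},
    "camera": {"CAMERA"},
    "SMS": {"READ_SMS", "RECEIVE_SMS", "SEND_SMS"},
}

# Constructed sample manifest (decoded text form), not taken from a real app.
SAMPLE_MANIFEST = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
          package="com.example.wallet">
    <uses-permission android:name="android.permission.INTERNET"/>
    <uses-permission android:name="android.permission.CAMERA"/>
    <uses-permission android:name="android.permission.READ_SMS"/>
    <uses-permission android:name="android.permission.RECEIVE_SMS"/>
    <uses-permission-sdk-23 android:name="android.permission.ACCESS_FINE_LOCATION"/>
    <uses-permission android:name="com.example.wallet.permission.PUSH"/>
</manifest>"""

def requested_permissions(manifest_xml):
    """Return every permission name the manifest declares."""
    root = ET.fromstring(manifest_xml)
    names = set()
    for tag in ("uses-permission", "uses-permission-sdk-23"):
        for el in root.iter(tag):
            name = el.get(ANDROID_NS + "name")
            if name:
                names.add(name)
    return names

def audit(manifest_xml, expected_categories=()):
    """Group platform permissions by category; list categories not expected."""
    short = {p.rsplit(".", 1)[-1] for p in requested_permissions(manifest_xml)
             if p.startswith("android.permission.")}  # skip app-defined names
    found = {cat: sorted(perms & short) for cat, perms in CATEGORIES.items()
             if perms & short}
    unexpected = sorted(c for c in found if c not in expected_categories)
    return found, unexpected

if __name__ == "__main__":
    found, unexpected = audit(SAMPLE_MANIFEST, expected_categories=("camera",))
    print("sensitive access requested:", found)
    print("not expected for this app:", unexpected)
```

The decoded manifest can be obtained from an APK with a tool such as apktool; the script itself only reads the XML text.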

Lost Devices and Weak Passwords

In the case of a lost or stolen mobile device, a customer stands to lose a lot of information. The best way to protect this data is to use strong passwords or biometric authentication. Most mobile wallets allow access to the account from anywhere, which enables customers to block access to applications on a lost device before a potential fraudster can do any damage.

Personal Liability

The greatest risk consumers face when using mobile wallets is personal liability. Users are responsible for any loss of money or information in the event of a breach. Mobile wallet fraud is not protected by insurance.

Mitigating Mobile Wallet Fraud

Though I am still very protective of my designer wallet, I am developing a more cautious attitude toward my mobile wallet as well. Here are a few steps consumers should take to remain a step ahead of cybercriminals looking to pick their digital pockets:

  • When selecting a mobile wallet application, consider which vendor provides the best security features.
  • Invest in a good antivirus solution for your mobile device.
  • Use strong passwords or biometric authentication.
  • Download applications from reputable stores only and be mindful of permission requests.

More than two months have passed since the demonetization rule was enforced, and people have already begun to see the advantages of using mobile wallets. It’s time to take it a step further and ensure the security of our personal and sensitive information.
