Are smartphone payments safer than digital wallets?
Plastic may still be fantastic for the majority of Australians, but that might not be the case for long as people increasingly reach for their smartphones over their physical credit and debit cards when it comes to paying at the register.
More than one in three people regularly used a mobile device with a digital wallet to make in-person payments in 2022, a new analysis conducted by the Reserve Bank has revealed, which is up from around one in 10 during 2019.
Predictably, younger Australians have been the fastest adopters of Apple Pay, Google Pay and other digital wallets, with more than 60% of those aged between 18 and 29 making at least one payment a week using a mobile device.
Andrew Morrison, the chief product and growth officer at ubank, believes that the uptick in digital wallet use - which it has observed among its own customers - comes down to convenience and security.
"What was initially a hygiene concern at the start of the pandemic, is now reshaping the future of banking because of the need for convenience and streamlined payment experiences.
"Ubank saw the biggest spike (34%) in digital wallet usage during December 2022 because customers can carry multiple payment options in their smartphones and the convenience of being one tap or QR scan away from purchases, all while there's an increased level of security through features like biometric or two-factor authentication."
In terms of the total share of in-person card payments, Australians are still most likely to tap at a terminal with their physical card. However, smartphone payments are gaining ground and they're now much more common than those made by inserting a physical card.
Are mobile payments and digital wallets more secure?
The freedom of being able to leave your wallet at home is one thing, but as Morrison notes, part of the draw of using a digital card on a smartphone is that it comes with a level of security that a traditional wallet simply can't offer.
"Aside from digital wallets offering contactless payments that are convenient and faster, they also provide enhanced security because many utilise biometric authentication (think fingerprints or facial recognition), which replace traditional PIN numbers and ensures only authorised people are accessing your money," he says.
"These security measures are intended to prevent identity theft on smart devices and will become increasingly integrated into standard payment processes."
Beyond that provided by the phone itself, the other security benefit comes in the way that transactions are actually made through the likes of Apple Pay and Google Pay.
"Apple Pay uses a device-specific number and unique transaction code when a user makes a purchase. It does not share card numbers with merchants but a tokenised credit card number, which is basically a virtual credit card number," explains Dr Arash Shaghaghi, a senior lecturer in cyber security at the University of New South Wales (UNSW).
However, Shaghaghi says that digital cards don't necessarily come equipped with some of the security features offered with another emerging payment option: virtual cards.
Still relatively rare in Australia, virtual cards aren't a digital copy of a physical debit or credit card issued by a bank. Instead, they exist purely inside a phone with their own card number and CVV/CVC number and can often be generated as a single-use card to make purchases online or in-store.
"These digital wallets do not provide the same security and privacy customisation as virtual credit cards (e.g., merchant-specific card numbers and limit controls) provided by a financial institution," says Shaghaghi.
"Digital wallets are also not supported by all websites. Hence, virtual credit cards offered by credit card companies may still be a better option or complement digital wallets. In fact, Google Pay and Apple Pay support using virtual credit cards offered by some financial institutions and provide users with merchant-specific virtual credit card numbers."
How can digital wallet users keep their cards safe?
So for the third of Australians who are regularly tapping away with their phones, how can they ensure that their cards, and money, stay safe? Dr Kam-Fung Cheung, a lecturer in cybersecurity, risk and privacy at UNSW has the following tips:
- Enable security features such as passcode, PIN, or biometric authentication (fingerprint or facial recognition), and two-factor authentication (2FA) or multi-factor authentication (MFA) if available
- Download the digital wallet app from a trusted source
- Update the digital wallet app with the latest security patches
- Use secure networks and avoid using public Wi-Fi networks when making payment
- Review transaction history regularly to ensure that all transactions are legitimate
- Be vigilant and be cautious of phishing attempts
- Avoid sharing sensitive personal information such as your wallet credentials or card details with anyone or through unsecured channels
Get stories like this in our newsletters.