Digital wallets have been around for a long time. But it’s only in the past 2 or 3 years that they have become a mainstream method of storing the information needed when paying for goods and services. Originally, wallets were designed to store everything from payment cards to loyalty schemes and emergency details. Yet their use has pretty much contracted down to contact-less payments.
Apple Pay and Android Pay are, as you’d expect, two of the biggest players in the contact-less payment game. The likes of Samsung also have their own system in place for (some) Samsung device owners. Both also support loyalty schemes and gift cards, but the schemes that can be used need to already be approved by Apple or Google. Nor can you just add any loyalty scheme details.
Android Pay is actually the replacement for Google Wallet. Google thought it better to start from scratch in an attempt to get things right, rather than try and patch up the rather hit and miss Wallet. Where Google went right this time is working directly with banks to make sure everything could talk to each other when needed. That is instead of introducing a generic method which many banks and retailers wouldn’t buy into.
In a short time, smartphone-based contact-less payments have pretty much become available anywhere that card payments are taken. There’s also usually a limit in most countries on how much can be debited in a single transaction. A number of countries also require a signature or PIN for anything over that limit. The US, though, generally has no limits for how much can be spent in a single contact-less transaction, unless the buyer is using a contact-less card. In which case a signature will be required for transactions over $25.
Credit and Debit cards have long been considered notoriously insecure. The addition of Chip and Pin helped somewhat. Yet card fraud still runs into the billions of dollars every year. So are digital wallets any more secure? Despite some reports, the answer is a generally resounding “Yes”.
In the early days, apps would transmit card details and authorizations back and forth over a data connection. This made them prone to interception by a third party who may have the necessary tools to decrypt the information and end up in possession of all your bank details. Now, when you register a card in the relevant payment app on your device, it encrypts it’s data. No identifiable information is transmitted when payments are made.
While sending card details is the case with standard card payment terminals, both Android and Apple Pay have a different method. They use the information created at the time of the transaction, and transmit it using random tokens created based on the account information in use. Banks use the tokens to identify the sending device, thereby effectively linking the payment to a single smartphone.
In reality, all digital information is at risk of theft, however small that risk may be. But Apple and Google have gone to great lengths to put the bulk of the security side of contact-less payments in the hands of the people who know how best to implement it, the banks themselves. This reduces the risk as much as is currently possible. Compare this with how many physical credit and debit cards get lost or stolen every year, and how many get cloned surreptitiously. It’s clear that digital payments are more secure than standard card payments.