Alaap B. Shah and Chris Taylor, attorneys in the Health Care & Life Sciences practice, in the firm’s Washington, DC, office, co-authored an article in OneTrust DataGuidance, titled “USA: Privacy and Cybersecurity Considerations for Contactless Payment Solutions.”
Following is an excerpt:
In 2011, Google launched what was then known as Google Wallet, a mobile payment system that allowed consumers to make payments and transfer money using their mobile devices. The free service allowed consumers to store credit, debit, or loyalty card information within a digital wallet and provided consumers an alternative to cash or physical credit cards. Nearly a decade later, Google Wallet evolved into Google Pay and joined other big tech companies providing similar solutions such as Apple Pay and Samsung Pay. Yet, the volume of mobile payments remained relatively small compared to traditional forms of payment such as cash and physical credit cards. Outside of a handful of merchant-specific services, consumers lacked a compelling reason to use digital wallets when mobile payment alternatives offered few other advantages over traditional payment methods. Alaap Shah and Chris Taylor, from Epstein Becker & Green, P.C., discuss the privacy and cybersecurity considerations relevant to digital wallets in this article.
The rise of digital wallets
In 2020, the COVID-19 pandemic ignited the digital wallet industry by driving demand for contactless payment. As public health organisations across the globe initially identified contaminated objects and surfaces as one of the coronavirus' principal modes of transmission, consumers began prioritising contactless payment methods over physical cards and cash, which could act as vectors of virus transmission. As a result, merchants also encouraged consumers to use contactless payment methods, and some even abandoned cash payment altogether. According to an August 2020 survey by the National Retail Federation, 69% of retailers saw an increase in contactless payments during the COVID-19 pandemic, and 94% said they expected that increase to continue. In 2020, mobile payments grew by 29% as they started becoming the preferred payment method during the pandemic. From a consumer perspective, according to a study from MasterCard, 79% of global consumers are using contactless payment to maintain safety and cleanliness and these consumers are likely to continue using the payment method post-pandemic.
As adoption of contactless payment continues to grow, stakeholders (consumers, digital wallet providers, and merchants) should understand their unique roles in ensuring digital wallet technologies, and the financial transactions they facilitate, remain secure and that consumer privacy is protected. This article explores these considerations from each stakeholder's perspective.
Stakeholders should first understand how underlying digital wallet technology works within mobile payment platforms, including how that technology balances convenience with privacy, and the security of the data in ensuing transactions.
Mobile payment providers chiefly employ one of two technologies to process payments: Magnetic Secure Transmission ('MST') or Near Field Communications ('NFC'). Similar to Wi-Fi or Bluetooth technology, NFC technology uses electromagnetic fields to allow a mobile device to communicate with a payment terminal. To use an NFC-enabled device, the merchant must have a compatible card reader at the point-of-sale. MST technology produces a magnetic signal similar to the one generated when a consumer swipes the magnetic stripe on a credit or debit card. The digital wallet then transmits that signal to the payment terminal's card reader. Unlike NFC, MST is backward compatible, meaning that a mobile payment platform employing MST technology is compatible with most conventional magstripe readers, including those in payment terminals that have not yet had NFC contactless payment capabilities installed. The National Retail Federation reports that 42% of US merchants do not yet have NFC contactless payment capabilities. MST bridges that gap, most notably for tech-conscious consumers who purchase the latest mobile devices and want to use contactless technology regardless of the merchant.