Alaap B. Shah and Chris Taylor, attorneys in the Health Care & Life Sciences practice, in the firm’s Washington, DC, office, co-authored an article in OneTrust DataGuidance, titled “USA: Privacy and Cybersecurity Considerations for Contactless Payment Solutions.”

Following is an excerpt:

In 2011, Google launched what was then known as Google Wallet, a mobile payment system that allowed consumers to make payments and transfer money using their mobile devices. The free service allowed consumers to store credit, debit, or loyalty card information within a digital wallet and provided consumers an alternative to cash or physical credit cards. Nearly a decade later, Google Wallet evolved into Google Pay and joined other big tech companies providing similar solutions such as Apple Pay and Samsung Pay. Yet, the volume of mobile payments remained relatively small compared to traditional forms of payment such as cash and physical credit cards. Outside of a handful of merchant-specific services, consumers lacked a compelling reason to use digital wallets when mobile payment alternatives offered few other advantages over traditional payment methods. Alaap Shah and Chris Taylor, from Epstein Becker & Green, P.C., discuss the privacy and cybersecurity considerations relevant to digital wallets in this article.

The rise of digital wallets

In 2020, the COVID-19 pandemic ignited the digital wallet industry by driving demand for contactless payment. As public health organisations across the globe initially identified contaminated objects and surfaces as one of the coronavirus' principal modes of transmission, consumers began prioritising contactless payment methods over physical cards and cash, which could act as vectors of virus transmission. As a result, merchants also encouraged consumers to use contactless payment methods, and some even abandoned cash payment altogether. According to an August 2020 survey by the National Retail Foundation, 69% of retailers saw an increase in contactless payments during the COVID-19 pandemic, and 94% said they expected that increase to continue. In 2020, mobile payments grew by 29% as they started becoming the preferred payment method during the pandemic. From a consumer perspective, according to a study from MasterCard, 79% of global consumers are using contactless payment to maintain safety and cleanliness and these consumers are likely to continue using the payment method post-pandemic.

As adoption of contactless payment continues to grow, stakeholders (consumers, digital wallet providers, and merchants) should understand their unique roles in ensuring digital wallet technologies, and the financial transactions they facilitate, remain secure and that consumer privacy is protected. This article explores these considerations from each stakeholder's perspective.

Stakeholders should first understand how underlying digital wallet technology works within mobile payment platforms, including how that technology balances convenience with privacy, and the security of the data in ensuing transactions.

Mobile payment providers chiefly employ one of two technologies to process payments: Magnetic Secure Transmission ('MST') or Near Field Communications ('NFC'). Similar to Wi-Fi or Bluetooth technology, NFC technology uses electromagnetic fields to allow a mobile device to communicate with a payment terminal. To use an NFC-enabled device, the merchant must have a compatible card reader at the point-of-sale. MST technology produces a magnetic signal similar to when a consumer swipes the magnetic stripe on a credit or debit card. The digital wallet then transmits that signal to the payment terminal's card reader. Compared to NFC, MST is backward compatible, meaning that a mobile payment platform employing MST technology is compatible with most conventional magstripe readers, including those which have not yet had NFC contactless payment capabilities installed in their payment terminals. The National Retail Federation reports that 42% of US merchants do not yet have NFC contactless payment capabilities. MST bridges that gap, most notably for tech-conscious consumers who purchase the latest mobile devices and want to use contactless technology regardless of the merchant.

Jump to Page

Privacy Preference Center

When you visit any website, it may store or retrieve information on your browser, mostly in the form of cookies. This information might be about you, your preferences or your device and is mostly used to make the site work as you expect it to. The information does not usually directly identify you, but it can give you a more personalized web experience. Because we respect your right to privacy, you can choose not to allow some types of cookies. Click on the different category headings to find out more and change our default settings. However, blocking some types of cookies may impact your experience of the site and the services we are able to offer.

Strictly Necessary Cookies

These cookies are necessary for the website to function and cannot be switched off in our systems. They are usually only set in response to actions made by you which amount to a request for services, such as setting your privacy preferences, logging in or filling in forms. You can set your browser to block or alert you about these cookies, but some parts of the site will not then work. These cookies do not store any personally identifiable information.

Performance Cookies

These cookies allow us to count visits and traffic sources so we can measure and improve the performance of our site. They help us to know which pages are the most and least popular and see how visitors move around the site. All information these cookies collect is aggregated and therefore anonymous. If you do not allow these cookies we will not know when you have visited our site, and will not be able to monitor its performance.