FACTORS TO CONSIDER FOR IMPROVING EWALLET SECURITY

11th February 2022


Because of the advancement of financial technology, there has been a considerable increase in cashless transactions in recent years. Consumers are migrating from cash-based to cashless transactions because of the proliferation of fintech solutions such as e-wallet. Because they were born in the smartphone age, young adult customers in the twenty-first century are considered tech-savvy. Electronic wallets (e-wallets), which are an integral feature of electronic payment systems, are one of the greatest inventions of the twenty-first century. The word "e-wallet" refers to a type of digital wallet that allows users to link their debit or credit cards to the wallet and conduct transactions with it.

It is stated that payments made with an e-wallet are more convenient and faster than payments made through a traditional banking system since they save time and money. Because consumers perceive this approach to be useful, the cellular-based payment system is frequently used for transactions, and payments are made using mobile applications. Payment via e-wallet not only delivers convenience and speed but also provides consumers with a sense of security and confidence in transactions conducted anywhere and at any time.

The rapid advancement of information technology facilitates the payment system's specific qualities. Consumers are migrating from cash-based to cashless economies as the number of e-payment systems grows. However, changing to a non-cash economy is challenging, and existing cash-based trading habits are still firmly compacted. However, the expansion of e-wallets in Malaysia is mostly owing to several factors, one of which being the ease with which cash may be transferred, followed by security and cost savings. As these younger generations become more immersed in smart technology, they want to try out new apps and see how easy they are to use, secure, and private they are. However, information security and privacy are important to consider because data breach instances and difficulties are on the rise around the world, including in Malaysia. Identity theft, credit card fraud, and cybercrime are examples of users exploiting a lack of awareness about information protection.



E-wallet Security Measures

Are digital payments secure in the case of e-wallet solutions? Developers must safeguard information and traffic for mobile payment solutions to continue to take the world by storm in a secure manner. E-wallet apps, contrary to popular belief, are safer than physical wallets. Even if a user loses their phone, the app's security features will render the e-wallet useless to anyone attempting to use it illegally. App developers, on the other hand, oversee e-wallet adoption by putting in place these safety barriers. To set the stage, these are the most important characteristics for information security:

- Confidentiality: Only authorised users can access information.
- Integrity: Prevent unauthorised changes to data.
- Availability: Make sure data is accessible to authorised users when they need it.



1. Enforce Secure Coding Practices

Remember that the code is an important part of protecting the sensitive financial data saved on the server and the user's device. As a result, it's a good idea to plan out the app's security structure ahead of time and be aware of any coding faults that could lead to a breach. In this way, coding with security in mind will result in a better product and lower future damage mitigation expenses. Furthermore, your e-wallet software requires a solid IT infrastructure that facilitates input validation and data verification in the app. To protect sensitive data, be cautious when providing external access and set access restrictions based on roles and permissions. Determine whether keeping debit, credit or account numbers, as well as other useful information, is necessary. If the e-wallet software can function without this sensitive financial information, don't save it.

Finally, be certain that you:

- Introduce the usage of complicated passwords and have them disabled after several attempts.
- Keep track of each user's geolocation, IP address, and behaviours.
- Keep track of transactions and use a payment blocking option for dubious ones.
- For large transactions, use multi-step authentication.
- Make sure the API and web server are secure.
- Teach users about passwords, device sharing, and security precautions.
- Always use quality assurance and testing techniques



2. Two-Factor Authentication

Before accessing an account, two-factor authentication requires the app's user to prove their identity in two separate methods. 2FA normally necessitates the delivery of a token via a mechanism that is only available to the user. Other second factor methods, such as biometrics, fingerprints, or retina scanning, are also allowed. In any event, before giving access to the app, the system must verify both verification processes. 2FA is a foolproof solution to e-wallet app security because it assures that a hacked password is insufficient to gain access to the user's assets. The password is worthless without knowing the mechanism and having access to the second factor, and the account is safe. The following are some of the most popular 2FA methods that developers can use:

- SMS token: A 5-10-digit code given to the phone of the user. - Email token: A 5-10-digit code or link sent to the user’s email. - Software token: The user downloads a mobile app (such as Duo Security or Google Authenticator) that produces unique tokens. - Hardware token: The user owns a token-generating device. - Biometrics: The token is the user's physical features.



3. Access Tokens

Developers utilise access tokens in token-based authentication as a security barrier to authenticate users in mobile banking systems. Access tokens are used in FinTech to signify an application's authority to access specified sections of a user's financial data. They are commonly used in e-wallet apps to connect between the program and a third-party API. Keep in mind that the storage of access tokens in your app must be secured to ensure that they are not available to other apps on the same device. Users can also use access tokens to avoid having to authenticate each time they request the server. However, because they are time-sensitive, the token will expire if the user logs out or the valid time limit expires. These time intervals enable session expiry mechanisms, which safeguard user data against lost devices or open sessions in public places.



Factors Influencing the Use of E-wallet

1. Perceived Usefulness

The degree to which an individual believes that using a certain information system will increase their productivity is referred to as perceived usefulness. The direct association between perceived usefulness and behavioural intention to use the technology is predicted by perceived usefulness. Perceived usefulness is defined as a person's belief that adopting a specific system will improve his or her job performance. The biggest element that has a considerable impact on behavioural intention is perceived utility. For instance, payment solution EVOLET offers easy to use tools to make your salary payment system seamless and efficient. Therefore, employers and organisations will find perceived usefulness in such a solution.



2. Perceived Ease Of Use

The term perceived ease of use signifies to “the extent to which using a particular system will be free from effort”. Perceived ease of use has a favourable and significant impact on behavioural intentions to utilize technology.



3. Privacy and Security

The ability of an individual to individually monitor self-relevant information is defined as privacy. One of the elements that influence the use of an e-wallet is privacy and security, which is found to be more encouraging. One of the difficulties that keep customers away from acquiring things unless they are safeguarded is a lack of security and privacy. Payment through an e-wallet without security features, on the other hand, may result in unauthorised access to personal information and a lucrative opportunity for cybercriminals to breach data. While the e-wallet has grown in popularity due to its ease of use, there is still a lack of knowledge and awareness among the public, as well as a fear of making transactions due to security concerns. Customers may lack faith in the information system provider and will refuse to do any e-payment transactions unless privacy and security measures are included.



Factors to consider in improving eWallet security

1. Data Synchronisation

When it comes to online purchasing, customers should be able to purchase without having to submit their credit card information. Important passwords connected with each account are also stored in digital wallets. Users can receive important information in real-time without needing to log in using this method. This information, however, should be synchronised between devices. As a result, the user will have access to the same information whether they switch from a smartphone to a tablet.



2. GPS Tracking And Navigation

Your e-Wallet's GPS tracking and navigation features are essential. Not only does GPS assist with authentication, but it also allows users to pay one another. People can instantly give money to each other because no account information is necessary. This feature will assist promote the popularity of your eWallet mobile app, especially among families. Access to real-time bargains is also possible with GPS. The app can remind the user of discounts and specials that they qualify for while they're near the business, depending on your partnerships and business strategy.



3. Wearable Device Integration

Wearables' popularity has skyrocketed in recent years. As a result, flawless connectivity with wearable devices is crucial. Smartwatches, for example, should have access to your eWallet to complete a transaction. This method eliminates the necessity for the consumer to take their smartphone to a point-of-sale terminal. Furthermore, this method facilitates and speeds up transactions.



4. Privacy And Security

Finally, your eWallet will be meaningless if it lacks sufficient privacy and security standards. As a result, it must be built on a solid foundation of tight confidentiality and security. After all, you're dealing with very sensitive information that, if compromised, may have serious ramifications. To maintain regulatory compliance, your eWallet app should be password protected and include features such as 2-factor authentication, biometric technology such as fingerprint reading, and QR-code validation especially if it is dealing with aspects like salary management. It also aids in the deployment of real-time monitoring to boost security.

Tokenisation technology enables the use of strong encryption in eWallet mobile apps. If a token or crypto key is taken, the cybercriminal has no use for it. As a result, expect to see more tokenisation in this domain. When all these security methods are combined, your eWallet will be more secure. To make it impregnable, Apple Pay combines biometric characteristics with tokenization.



EVOLET is a digital wallet app for migrant workers.

Learn more at https://evolet.io/