Are digital wallets safe? New research says ‘no’ | Biometric Update
The way digital wallets typically authenticate users, and the ways that authentication is delegated, pose a significant security risk, researchers say.
One of the issues identified is a weakness in how authentication methods are determined. Banks usually delegate the choice of user authentication method to the wallet. Generally, two types of authentication methods are used: knowledge-based authentication (KBA) and multi-factor authentication (MFA). When it comes to cardholder verification methods (CVMs) on smartphones, the choices are a passcode, a pattern or the biometric authentication native to the device.
But while delegating authority for authentication is efficient and scalable, it compromises security, the researchers argue.