The new Google Wallet, with its integrated Google Pay service, was launched in South Africa this week. Secure, convenient, frictionless and simple to use, it eliminates the need for physical payment cards, loyalty cards, medical aid cards and other plastic that is stuffed in your wallet. It even stores your digital car key and boarding pass, so everything’s easily accessible and — critically — safe.

Google Wallet is part of a growing trend in “embedded finance”, which integrates financial services or tools into non-financial apps.

Embedded finance allows customers to digitally solve real-world financial problems, making it easier for them to make payments, in-app purchases and even unlock physical doors. For businesses, embedded finance helps remove possible barriers to checkout, making customers more likely to complete their purchases.

Paysafe, the multinational online payments company, has identified digital wallets as the most popular payment method after debit and credit cards. Consumers say they are convenient and simple to use — particularly on mobiles, where entering payment details can be frustrating.

Paysafe’s Lost in Transaction: Consumer Payment Trends 2021 survey of consumers in seven countries in Europe and North America, which measured the immediate effect of Covid-19 on payment preferences, notes that the changes consumers made to the way they paid online during the pandemic are now becoming permanent.

Visit Daily Maverick’s home page for more news, analysis and investigations

A third (33%) of consumers said their change in behaviour was influenced by making fewer in-person payments generally, and 9% said they had not made any online payments before Covid-19.

Increased familiarity with alternative payment methods had also contributed to a change in behaviour for 21% of respondents, as had heightened fears about being a victim of fraud during the pandemic (25%).

Overall, consumers appeared to be slightly more confident in the security of online payments. Paysafe said the number of consumers searching for a “more seamless payment experience” had increased by 110% since the start of the pandemic.

With digital wallets, customers do not have to share their card details for the payment to go through. Because mobile payments are heavily encrypted and tokenised, digital wallets are said to be more secure than physical cards.

This week, Google SA country director Alistair Mokoena said: “Access to technology is vital for economic prosperity as millions of people use their mobile devices daily to tap and pay at stores, pay for public transportation and to utilise a variety of passes… By including everyone — a dynamic ecosystem of manufacturers, developers and users — we want to make digital wallets accessible to everyone through fast, secure access to their everyday essentials.”

For now, only cardholders of FirstRand Bank, Discovery Bank, Investec, Standard Bank, Absa and Nedbank will be able to add their cards to Google Wallet and pay with their Android phones or Wear OS devices in places where contactless payments are accepted.

Hacking concerns

There is a concern that digital wallets can be hacked. In February, Forbes reported that a Russian cybersecurity researcher, who exploits vulnerabilities in payment devices, put an already empty bank account into overdraft by tapping the locked device on a terminal. Fortunately, Timur Yunusov is “a benevolent hacker” who plies his trade with Moscow-based Positive Technologies. It has recently been sanctioned by the US government for allegedly assisting the Kremlin’s security agencies.

Yunusov sent the money back after he showed off the hacks, “proving long-known, still unfixed vulnerabilities in an Apple Pay feature allowing people to pay for transport options like the London Underground… with a quick tap and go, with no need to unlock the phone”.

The article said researchers at the universities of Birmingham and Surrey had showcased the same attack in September 2021, finding a way to “trick a phone” into believing it was allowing payments to be made at a train turnstile, when, in fact, they could be used at any kind of retail terminal, or one controlled by a hacker funnelling money into a criminal’s bank account.

Yunusov also showed Forbes an attack on a Samsung phone. “Though a little more complex, with a stolen Samsung using the tap-and-go feature, he could take it home and drain it of funds without needing to unlock it.”

Noëlle Van der Waag-Cowling, a cybersecurity and emerging tech threat expert at Stellenbosch University’s Security Institute for Governance and Leadership in Africa, says there are security pros and cons to using digital wallets. The biggest drawback is that your phone becomes a substantial single point of failure.

“On the upside, these contactless payments are driven with biometric security and two-factor authentication — definitely more secure than the ‘tap’ payment, which can be intercepted — and card skimming falls away as a risk.

“However, everything is hackable on some level: this also comes down to the levels of encryption utilised. Frankly, these types of payments are much safer than many e-commerce websites, which are often badly secured and designed.

“The resources which Apple and Google can spend on security are massive compared to fintechs, for example. This is part of the banks’ race-off with our [mobile network operators] who are branching out to working with fintechs to develop super apps and grab a share of the banks’ pie because the subscriber market is saturated.” DM168