How Safe Are Digital Wallets?

More than 80 percent of consumers in China used a digital wallet (using your smartphone to make payments or store things like your plane tickets) in 2018, followed closely in scale by consumers in Brazil, India and Argentina.

But in the United States, despite the ubiquity of smartphones and other connected devices, digital wallet adoption rates are hovering at roughly 10 percent, according to a 2018 analysis from Bain Research. So, why hasn’t the trend caught fire in the U.S.?

For starters, the U.S. and other developed countries are saturated with credit and debit cards, and you could argue it’s not any more convenient to use your phone over a card. Infrastructure is another obstacle: Card reading devices are everywhere, but those equipped to handle Apple Pay, for example, aren’t as prevalent.

However, the biggest factor might just be trust. Only 12 percent of consumers say they trust alternative payment providers to protect their personal and financial data, according to a 2017 American Banker survey. People worry their data in a digital wallet is more vulnerable to hackers and fraud than the one they carry in their pocket or purse.

But do perceptions match reality? Just how safe are digital wallets?


Despite all you’ve heard about data breaches, using a digital wallet can be more secure than relying on credit cards and cash. There are a few reasons for this.

If you lose your wallet, you lose it. Carrying a wallet with cash and cards presents a problem if you lose it — or worse, it’s stolen. If you had cash in there, it’s probably safe to assume that’s gone for good. Fortunately, you can call and cancel all the cards you carried but that’s its own headache.

It’s a different story if you have your information stored in a digital wallet app on your smartphone. Even if your phone is stolen or lost, it’s far more difficult to access your information, thanks to biometric authentication (requiring a thumbprint or facial scan to unlock your device). While you’ll be out a phone, most of your info resides in the cloud and can be ported back into a new phone like nothing happened.

Another perk: Digital wallets now allow you to load gift cards, show tickets, rewards cards, public transportation passes and more – you can kiss wallet butt goodbye.

Data encryption. When you use a PayPal, Venmo or a Cash App account, all your financial activity is encrypted. Essentially, your transaction data is “wrapped” in a randomly generated code that conceals it and renders it useless if commandeered by hackers. If you have a PayPal profile, for example, all your data is stored on a firewall-secured server that doesn’t have a direct connection to the internet (for enhanced safety).

Tokenization. When you pay for something with Apple Pay, for example, your credit card info is hidden in a randomly generated numeric code, known as a token. Your credit card number never appears in a merchant’s database; instead, that randomly generated, useless code, or token, sits on their database. To be fair, that’s what the chip on your credit and debit cards is used for, but it generates the code in a different way, known as EMV technology.

Sandboxing. Digital wallet apps also deploy a technique known as sandboxing. Basically, it isolates the app from every other app on your phone, which prevents shady apps from interacting with your digital wallet. Your digital wallet app only interacts with tools and resources within its “sandbox.”


Malware can still be a force. Hackers are creative, which means they can find cracks in even the best defenses with mobile malware if you let them. Spyware, for example, can infect your mobile device and record your keystrokes or other behaviors on the phone. Backdoor attacks are used to subvert security protocols and allow outsiders to move in and out of your system undetected. 

Quick tip: Only download trusted, verified apps to your phone. A viral selfie app can be fun, but it could compromise your phone or send your personal information to nefarious actors. Steer clear of suspicious emails and text messages, as well. Hackers typically can’t get in unless you open the door for them.

Avoid business on public WiFi: Try to avoid using public WiFi to conduct financially sensitive or personal business. For one, the WiFi network itself could be a rogue network set up specifically to gain access to your device. Public connections are also vulnerable to man-in-the-middle attacks, or hackers intercepting the connection between your device and the public WiFi router. Creative hackers can clone a payment app’s website (known as a spoofing attack), tricking you into entering your login information to the fake login site.

Quick tip: Do your banking and other financially sensitive tasks on a private, secured network to prevent app spoofing and other tricks that expose weaknesses in public networks. You can also purchase software to setup a personal VPN, or a secured connection, wherever you are to encrypt your data on a public network.

Losing your phone can be like losing your wallet. Of course, if you lose your phone it can be just like losing your wallet if your phone hasn’t been properly secured.

Quick tip: Be sure to set up biometric authentication on all your devices, or at least lock your phone with a password. While it may be a pain to enter a code or scan your face every time you open your phone, it’s an ounce of prevention that will go a long way.


Take the next step

Our advisors will help to answer your questions — and share knowledge you never knew you needed — to get you to your next goal, and the next.

Get started