Reader Forum: Mobile wallet is not your stupid electronic wallet

Editor’s Note: Welcome to our weekly Reader Forum section. In an attempt to broaden our interaction with our readers we have created this forum for those with something meaningful to say to the wireless industry. We want to keep this as open as possible, but maintain some editorial control so as to keep it free of commercials or attacks. Please send along submissions for this section to our editors at:dmeyer@rcrwireless.com or tford@rcrwireless.com.
There is a lot of noise in the market about electronic wallets, mobile wallets and NFC these days. There is the Google Wallet, the Isis Wallet, the Visa Wallet and of course the impending much speculated Apple Wallet, which will probably be called the, you guessed it, iWallet. Electronic wallet, mobile wallet and NFC are often used interchangeably by various wallet junkies, including yours truly, which become a source for confusion when it comes to privacy, security and convenience – the things which are most important to the consumer.
So let me try to clear this air a bit.
To do so, first of all let us take a look at what is already in use today – when someone says electronic wallet what they mean is when you use PayPal or Amazon.com or iTunes; your card-not-present credit card information is stored in the cloud and you don’t have to type it out. You login and you order. Amazon.com or Apple Inc. have your information in their cloud, and they submit the transaction on your behalf.
That is the electronic wallet of today. It is not with you. It is with your trusted merchant. It is not your wallet. It is the merchant’s mega-wallet in the cloud. If they get hacked, you are out of luck. We all know that story all too well. I have personally received three new cards from a bank that will go unnamed in the last two years because some merchant’s mega-electronic wallet in the fluffy cloud got hacked. This is your average electronic wallet. While it is convenient, it comes with a serious trade-off of privacy and security risks.
The “mobile wallet” cannot and will not be built the way electronic wallets are built.
The electronic wallet has too much information centralized to the cloud. It is much better to leave the information local, in the consumer’s mobile phone, inside a secure element – sort of like your SIM card. Why do you think you turn on your phone and you are able to make a call without having to enter a username and password for AT&T Mobility to let you use your phone? It is because your identity is stored in your SIM card. It cannot be replicated millions of times instantly like a username and password. The “what you know” factor of authentication has limited security and limited privacy – this is what today’s electronic wallets are made of. For mobile wallets your identity information will need to be stored in a distributed manner and in a secure element, where the information is stored encrypted and only the card issuing bank can decrypt it. This will not only bring the convenience, because you just enter your PIN to use it, but is also a lot more secure because it can’t be cloned remotely, and it brings privacy as well because only the “need-to-know” know.
To succeed, the mobile wallet will have to take a different approach:
–Secure element for user’s wallet over cloud for a mega wallet.
–Distributed over centralized.
–Too many to hack over too big to fail.
–Convenience and privacy over convenience at the expense of privacy.
This is how mobile wallet will end up being. This is not the same as the electronic wallet of today in the cloud. Anything less is uncivilized, and irresponsible.