According to the U.S. Public Interest Group complaints about current mobile wallets on the market are on the rise. The top three complaints are problems managing accounts, fraud, and transaction issues. Host Merchant Services cites that consumers’ concerns about mobile wallet security is the number one issue.
This product is a mobile wallet system that will eliminate these complaints for consumers. This mobile wallet is universal. This makes it easy to manage multiple accounts and keep track of spending, transaction issues and potential fraud. so that you wouldn’t be locked into using select devices or choice vendors such as with Apple Pay.
Apple Pay is one of the most admired and widely embraced mobile wallets on the market. Even so this product has multiple limitations. Use of Apple Pay requires the use of only Apple devices. Consumers are unable to try devices from new manufacturers less they render their funds unusable. To utilize Apple Pay funds the vendor must accept this form of payment. Although Apple is marketed as the most secure ecosystem, it has experienced issues with hackers breeching the privacy of its users. iCloud being hacked damaged some consumer trust. The same can be said for competitors of Google Pay, Samsung Pay, Android Pay, etc.
Our group aims to be able to address those users who don’t want to be locked into a device ecosystem, vendors that want to be able to bring customers from all these ecosystems rather than choosing between vendors, and to remove the required technology component.
Our innovation is a mobile wallet with a physical card that will allow you to use payment from any of these ecosystems anywhere a credit card or mobile payment is accepted. It will also convert currencies for you, so that you will have free use of bitcoin in a physical store or online shopping. This will also allow you to travel without having to worry about banking hours and rules in a foreign place.
As cybersecurity majors, the major concern with the product was being able to make sure this product is secure and protects consumers from data theft. Per pymnts.com, “Consumers don’t feel safe using mobile wallets and prefer the use of physical cards. This in turn limits the universal adoption of mobile wallets and makes it difficult for consumers to easily use mobile wallets in person and online.” We looked at current physical cards and mobile wallets to see the weak points in security to make our product the most secure. We took the microchip technology that consumers trust and used it to create a microchipped swipe versus a magnetic swipe. This makes our product more secure and less vulnerable to data breaches. In addition to this, the card number is not fixed and changes transaction to transaction. This makes it more difficult for hackers to steal you information from vendors during data breeches, using devices to physically steal your card information, and safeguards your banking information should our company every be hacked.
The physical card will be accompanied by a secure app located on the customer’s phone. It will allow them to switch between accounts before swiping the card. This will allow you to use any mobile wallet when shopping online or in a physical store. It will also display the balance of each account to assist with budget tracking. Customers will also be able to transfer money between accounts easily and convert currency while traveling. The app will also offer various levels of fraud protection dependent upon consumer budget and need.
As an additional layer of security to keep customers safe, each swipe will feature biometric screening of a fingerprint or facial recognition with each swipe. By requiring the user utilize a form of multifactor authentication it will ensure only the intended customer has access to their own funds. This will further protect against identify theft and/or fraud.
Our product is quite unique. It has enhanced safeguards that no other product on the market offers. There is no other product on the market that blends virtual commerce with the physical world in such as secure manner. No other product has universal adoption for credit transactions while allowing you to utilize any device ecosystem of your choosing. Our system protects against criminal or unauthorized use of electronic data, and any measures that can be taken to achieve to that end utilizing multiple layers of data encryption. This product will allow us to make e-transactions more accessible by bridging the gap between the electronic and physical world while making the process more secure.
Mobile Wallet Security: A Systematic Literature Review discusses challenges in the market of current mobile wallets and how to make them secure. This review discusses in what ways mobile wallets are utilized. It also outlines findings of this article that the popularity of mobile wallets continues to increase year after year is evidence that this is a good field to branch into.
The review discusses how mobile wallets are utilized for payments, transfers, and purchases. This is in align with the uses of our mobile wallets. We want our consumers to be able to utilize the mobile wallet system to utilize a secure microchip credit card to access e-funds that are otherwise unusable without a specific device iOS ecosystem. For instance, you would be able to use Apple Pay in places only Samsung Pay is accepted.
The review goes on to discuss how to make this experience secure when utilizing a mobile device. One security concern is that of physical theft. This product addresses this concern with the addition of multifactor biometric security (Bello-Orgaz, Jung, & Camacho Díaz, 2019). Before utilizing the credit card, the user must first select the linked product in the app and then use a fingerprint or facial recognition to unlock the card. If a thief manages to physically steal the credit card, it will be useless.
To prevent device spoofing, mobile wallet businesses should implement robust security measures, such as two-factor authentication, biometric authentication, and device recognition technology according to Kahn. The first step of creating a secure product is knowing what methods can be used to breach its defenses. One method thieves use is intercepting consumer information. This allows them to impersonate a consumer and access their financial assets via a mobile device. Kahn talks about device and domain spoofing in the article, “What Is Device Spoofing? How Is It Different from Domain Spoofing?” Our biometric screening and two factor authentication requirements eliminate this form of breach for the most part. If a consumer does feel that they are at risk of fraud, the app will allow them to immediately report it and suspend the account. Consumers will also be able to utilize fraud protection at their chosen level to allow them to feel secure.
As a best method of security Kahn also suggests that physical cards can also be issued as an alternative means of accessing the mobile wallet account, which can provide an additional layer of security and help mitigate the risk of device spoofing. This is where our reinvented mobile card comes into the picture. It does not feature any numbers or security codes that can be cloned. These numbers are not static, and they change with each transaction.
The article “Analyzing of e-commerce user behavior to detect identity theft” by Vučković et al. (2018) re-emphasizes that identity theft concerns are on the rise and that the need for secure methods of authentication is increasing. The product fills this void in the market and addresses the growing needs oof consumers. He proposes the use of machine learning algorithms to detect identity theft attempts. Vučković stated that these algorithms were able to detect unidentified new forms of attack. This is not a feature of our e-wallet product, however, should this method prove effective in the future there is the potential for this to be incorporated into the app. It would be possible to deploy a beta test with consumer approval and we would be able to study our users to see if the desire for adaption of this method is there.
With this being new technology consumer trust might not be there for machine learning A.I. It is currently experiencing much negative press and there are high profile person creating petitions against the use of A.I. It would not be wise to incorporate it into our mobile wallet without more data at this time. However, some profits will be allocated to research in this area where regulations allow.
The article “Detecting Mobile Agents Using Identity Fraud” by Yang et al. (2014) also outlines how the use of behavior patterns is useful in detecting identity fraud. This method of detection was able to be incorporated into our product. Yang discusses how monitoring the behavior patterns of the user can assist with detecting if someone is trying to impersonate them. When transactions are completed outside of a user’s normal hours of use that will create a flag in the system and an alert will go to the user’s app prompting biometric identification. The same type of flag will also be created if the user has gone outside of their normal geolocation range.
“ATM Card Cloning and Moral Contemplations” 2018) gives insight into the issue of cloning ATM cards. Kaur presses that cloning of cards is becoming a pressing issue, particularly in developing nations. With this product cloning should not be an issue, as these cards are unique with the microchip magnetic strip. Even with successful cloning the cards will not operate appropriately without the multifactor biometric screening. Consumers are safeguarded from this type of attack.
According to the authors, financial institutions have an obligation to protect their customers from ATM card cloning and other forms of fraud. Consumers also feel these need for protection from their mobile wallet providers. Our various levels of fraud protection in addition to various forms of protection deliver on this promise to make consumers feel more secure. Additionally, they emphasize the importance of informing customers about the risks associated with cloning ATM cards and the preventative measures they can take. This education will be provided within the app. The product will have daily pop-ups featuring methods of identity protection.
The article “Advanced assurance Risks: Liu and co. “A Never-Ending Challenge for E-Commerce” (2022) examines the challenges posed to the internet business industry and the risks of web business associations. The risks can entail money mishaps, loss of client trust, and mischief to reputation. These are the direct threats to our innovation, as these three things will make or break our business.
The article presents various ways for e-commerce businesses to safeguard themselves against cyberattacks. These methods consist of firewalls, interruption identification frameworks, encryption advances, and representative instruction and mindfulness programs are instances of these. All of these methods will be built into our innovation as a secondary security measure addition to the security of the primary mobile wallet the consumer will be transferring to our product.
Liu advises that collaborating with e-commerce businesses, law enforcement agencies, and other stakeholders in the fight against cyber security threats is essential to the survival of a business. The owners of our product are in agreement of collaboration with law officials and in addition intend to comply with all legal compliance and laws. The authors suggest that by sharing information and best practices, the industry can benefit from improved cyber security and the product owners intend to foster this environment for all mobile wallet system stakeholders.
Mobahat (2010) examines the difficulties of implementing authentication and cryptography in low-cost radio-frequency identification (RFID) systems in his article “Authentication and Lightweight Cryptography in Low-Cost RFID.” Because of the way that RFID frameworks are vulnerable to different assaults, including listening in, information control, and data fraud, the creator contends that cryptographic techniques can be used to improve security.
An overview of the various RFID systems and the security risks they face is provided in this article. The author examines the limitations of existing security components and asserts that lightweight cryptography may be a reasonable option for inexpensive RFID frameworks. This form of cybersecurity is a bit high level to be marketed to consumers and would likely cause confusion. It is incorporated into the security of our mobile app systems. What can be marketed is that it will prevent replay attacks and man-in-the-center attacks and provide common authentication between a user and an RFID tag and the data Mobahat provides in this article backs that up.
Data fraud’s impact on buyer trust and saw security in online businesses is examined in Saleh’s (2013) article, “The Effect of Wholesale Fraud on Saw Security and Confidence in Web-Based Business.” The creator battles that wholesale fraud is a central issue for shoppers of web-based business stages and that it can possibly sabotage their trust in internet-based exchanges.
The different sorts of data fraud and what they mean for purchaser conduct are examined in the article, which likewise remembers a survey of past exploration for the subject. Also, the creator underlines the meaning of safety efforts like confirmation, encryption, and safe installment frameworks in laying out purchaser trust in online business.
The reason for the overview, which was done on an example of individuals who use web-based business, was to decide what data fraud meant for individuals’ impression of security and confidence in web-based exchanges. The findings indicate that identity theft is a significant concern for e-commerce customers and has the potential to significantly undermine their trust in online transactions.
A number of suggestions for increasing customer trust and perceptions of security are also discussed, as are the implications of these findings for e-commerce businesses. These include using trust marks and other external supports to build customer confidence, providing clear and straightforward information about security strategies, and areas of strength for executing measures.
In general, this source emphasizes the significance of addressing the issue of identity theft in e-commerce and offers recommendations for improving consumer trust and safety perceptions. The article gives important bits of knowledge into shopper mentalities and conduct toward online business, which can be useful for online business organizations expecting to increment customer trust and improve security.
In the article “Responsiveness of criminal law to skimming crimes in the era of Industrial Revolution 4.0 (Four point zero),” Suryadi (2021) investigates the responsiveness of criminal law to skimming crimes in the era of Industry Revolution 4.0. The author argues that criminal law must keep up with technological advancements that have made it possible for crimes like skimming to be committed more effectively in order to effectively prevent and punish them.
According to the article, skimming offenses include the theft of Mastercard data using skimming devices. Suryadi says that during Industry Revolution 4.0, skimming crimes got more sophisticated, making it harder to find and stop them. The creator thinks about Indonesia’s ongoing regulations and guidelines on skimming violations to those in different nations like Australia and the US. To hold individuals back from succumbing to skimming violations, Suryadi underlines the requirement for powerful guideline of the deal and utilization of skimming gadgets as well as the meaning of instruction and public mindfulness crusades.
Suryadi also emphasizes the need for financial and law enforcement agencies to work together and coordinate their efforts to successfully prevent and combat skimming. To this end we will be reporting all detected fraud to the appropriate law officials and submitted proposed guidance to law makers as we discover new technology deployed to commit fraud.
My data has been stolen several times throughout my life. At work a hacker was able to steal all my personal information from my employer. As a Facebook user my data was leaked, some would say sold to Cambridge Analytica through improper data collection without appropriate consent. The most devasting data breach of all involved my first credit card.
I checked my statement to see several charges I did not recognize. They totaled over $2000. I was a college student and barely had $200 in my account, and I was working for a little over minimum wage part-time to supplement my living expenses that weren’t covered by tuition. My credit card was still in my wallet in Virginia, while someone in Atlanta went on a spending spree. Three different times in one day they ran up charges of $600 at P. Diddy’s restaurant Justin’s. A restaurant I have never had to pleasure of visiting. They also spent $300 several times at other various stores throughout Atlanta. The place I had desperately wanted to attend college and yet had never visited.
I almost had a panic attack looking at the charges. I was baffled and horrified that someone was able to enjoy a spending spree on my credit card, without even stealing it out of my wallet. Even worse I might be responsible for paying back this money. I was able to work with my local bank to report the charges as fraudulent and get them reversed. Luckily, I was able to learn about credit card fraud protection and how to navigate that process. I learned for the first time that this was a common occurrence with the use of credit cards. Being left with no idea how my information was stolen and used, I became wary of using any credit cards in the future.
I would later learn there were several ways a thief could have obtained my information. They could have used a device skimmer to steal my number while I swiped my credit card and produced a cloned card. This is why we decided to make our cards strip different from typical magnetic cards to prevent this type of theft. No one will be able to clone our consumers cards due to our proprietary use of a microchip swipe card.
The scammer may have also utilized the dark web to purchase my credit card information and a clone card. They could have even put their own hacking skills to the test to steal my information independently. This is why we offer the multifactor authentication. If a devious person can obtain a customer’s information through dark means, they would not be able to make the purchase without the appropriate fingerprint, device, or facial recognition. The customer would be instantly alerted of the fraud attempt and would be able to contact their financial institution to report attempted fraud and get their information updated. Should the hacker be skilled enough to defeat our multifactor authentication, which is highly unlikely, the offered fraud protection will provide insurance for customers incase their mobile wallet or bank does not offer fraud protection. Bitcoin does not currently have fraud protection so this service would be perfect for customers utilizing that currency.
This mobile wallet will also serve a function in the Human Services field. Customers who receive government assistance will be able to load their benefits on to this card to provide them with fraud protection. Many forms of government assistance have low levels of fraud protections for its consumers. SNAP cards in Virginia only have a magnetic strip. They do not utilize microchip, touchless technology, or encryption. They only utilize a basic magnetic strip that is the easiest credit card to perpetuate fraud against. They are also dependent upon a grocery store accepting SNAP as a form of payment. With our product members will be able to shop at any grocery store and government officials can rest assured that member will only be allowed to purchase the intended items. It will assist customers that have difficulty keeping track of multiple cards due to homelessness, mental health concerns, and/or intellectual disabilities. The government will also be able to decrease its liability for lapse in judgement of employees or more vulnerable systems with access to the information of this vulnerable population with the fraud protections now available to consumers.
This innovation would also be helpful for personal accounting. It assists customers with tracking multiple budgets and expenses in one area. It also could be utilized for businesses employees for utilizing paychecks and Health Savings Accounts by connecting them to this app and using the card to access funds. Our product is not only innovative it also has boundless limits for utilization for unique needs and circumstances.
Phase one would be testing of the product owners. If the owner doesn’t like the product, then the product is not effective. You can’t sell something you don’t believe in and believe is effective. It must work as intended as well.
The next phase would be to see if our product is effective would require a beta testing phase. We will need to identify a groups of beta users willing to test out our product and sign a confidentiality agreement during this process. The beta testers will give us feedback on the design of the product, ease of use, any bugs detected, likeability and how they rate the product. This data will be crucial for product improvement and determining if the product is effective enough to move forward as it moves closer to debuting on the market.
Following this the product would go to market. Market is the real test of effectiveness. The product will have to meet benchmarks and projections each quarter. These benchmarks will consist of adoption, sales, and number of users. If these numbers on average continue to climb, then the product is effective on the market. If these numbers decrease on average, then the product is ineffective and will need further testing on consumer opinion.
The last benchmark of success would lie in systems security. Month over month monitoring occur to monitor how often a claim is filed through our selected fraud protection vendor. Firewalls will be monitored to see if there were any irregular traffic that would indicate a data breach. If our product experiences a high level of fraud towards our customers, then one of the main functions of the product is ineffective and will have to be recalibrated. If consumer trust is lost in this area our product will be practically unsellable.
On the merchant side, Host Merchant Services also reports that vendors are excited to adopt mobile wallets in their stores as a method of payment. Being able to have vendors willing to adopt our service will be one measurement of success. We should aim to have 50% of targeted vendors adopting our technology as benchmark of success. On the consumer side, we will need to have 50% adoption of our mobile wallet of targeted consumers in the first year as a benchmark of success. Following product launch for a year we will need to maintain a 90% rate of identifying and preventing fraud to consumer accounts.
If all those success benchmarks are met, then we will be able to move to the financial benchmarks of success. In the first year we aim to break even with expenses to launch the product. Being that this is a virtual product the main expense will be salaries, tools and equipment. We will save on office costs by having remote employees.
To make this innovation a reality there are various steps we will have to take. First and foremost, we will need to protect our claim and ability to launch our innovation. We will need to select an excellent legal team. We will need the attorneys to review with us how to store data appropriately and to inform us of regulations that our software will need to be programmed to comply with. We will also need to determine what banking and finance regulations will apply to us as third-party facilitators. It will be important to ensure that our product is legal in all areas of operation and determine the territories that we could legally expand into in the future.
The product will need to ensure to have a patent filed. Attorney’s will have to ensure that it will not interfere with any patents of the other products it will be compatible with. It will be especially important to patent the microchip magnetic swipe technology, so that competitors do not implement this innovation into their product without compensating us. This will need to be completed in any states/countries we plan to allow our product to be utilized within.
Other important legal matters would be filing for S Corp and/or LLC status. Having a legal agreement between our team to make sure everyone is compensated appropriately and agreeable to the ownership split and responsibilities. The attorney will need to draft a term of service for our consumers to ensure we limit liability against any future lawsuits. The last business legality to handle would be registering our business to obtain licensing and permits to operate.
The team will then need to determine how we will market and brand our product. We need a good campaign to ensure our target audience knows what our product is, because what good is a product that no one knows to purchase? Selecting influencers on various social media platforms would need to be contacted and offered partnership deals to market our product. We will need to arrange for the team to attend various technology related events to advertise and talk about our product.
The most important part of preparing to launch this product on the market will be product development. The team will need to build our mobile app and complete testing to ensure it is operable, user friendly, and well designed. The product will need to be able to scale to size depending on the technology used. The biometric scan and multi factor authentication must be flawless and tested for defense against hackers. The most important piece will be sure to ensure that it is safeguarded from data breaches as this is one of the main selling points of our product. Prototypes will be used to complete market testing and see if the product is viable and if consumers find it easy, enjoyable, and secure to use. The product can’t move forward without the buy in of potential consumers.
Staffing and investment for the product will need to continually be assessed. The product might warrant the need to hire more employees or contract other vendors to help us meet contractual deadlines. This will largely depend on staffing, revenue, and available funding. If the team does not have enough savings, we will have to research loan or find a vehicle with which to raise capital. This will assist with the assessment of staffing levels.
With this product we are taking an old product, a credit card, and using it in a new way. Mobile transactions are popular, and their use is increasing, but growth is slower than it could be due to inconvenience and security challenges. This product is the natural evolution the goal was to create a mobile wallet that allows customers to use their preference of currency in any physical store without restriction while being confident in its security. The customers will be able to use any mobile device without worrying about the iOS system or merchant acceptance. The product will be accepted anywhere credit cards are accepted without limitation and customers will be able to monitor their transactions and cryptocurrency for multiple mobile wallets within one app.
Going into this project one would think that fraud was the only security and regulations to be concerned about in the case of e-wallets. More was revealed about the process of cybersecurity regarding the banking sector. There are different regulations, such as PCI DSS that restrict the process of product development. Banking is a highly regulated field, even with cryptocurrency and e-transactions which are in the infancy stages of regulation. These regulations do tie into the field of cybersecurity well.
During the project to develop this innovation crucial insights were revealed. Entrepreneurship is a multidisciplinary undertaking that requires a team of individuals willing to listen, learn and work hard. It takes the right group of people to be able to identify the talents on a team and put them to efficient use. Navigating different personalities and work ethics can be different when everyone has an equal stake, but different ways of completing a project and obligations. Having different backgrounds and viewpoints is a great asset. It helps you see things in a different way, just the target consumers will.
The number one takeaway from this project is that with the right team this product can be a great innovation. If this product was to launch, it would be wiser to scale and market it to a smaller audience to start with. Partnering with a local city government office to pilot food stamps would be a great first test case for the product. The team did dream big, going through the process it was realized that trying to do too much at once can deplete resources and require many staff. This is inaccessible without a large investment.
This mobile wallet system revealed to the team what it takes to launch an entrepreneurial venture. We now understand the challenges and possibilities of a mobile wallet and the need to differentiate an idea from a viable possibility. These lessons will be valuable should the team choose to work on their own endeavors or develop this mobile wallet system.
References
Bello-Orgaz, G., Jung, J. J., & Camacho Díaz, Y. (2019). Mobile Wallet Security: A Systematic Literature Review. IEEE Access, 7, 46076-46094.
Host Merchant Services. (2020, May 13). Mobile Wallet Challenges. Retrieved April 21, 2023, from https://www.hostmerchantservices.com/articles/mobile-wallet-challenges/
Kaur, P., Krishan, K., Sharma, S. K., & Kanchan, T. (2018). ATM card cloning and ethical considerations. Science and Engineering Ethics, 25(5), 1311–1320.
Liu, X., Ahmad, S. F., Anser, M. K., Ke, J., Irshad, M., Ul-Haq, J., & Abbas, S. (2022). Cyber security threats: A never-ending challenge for e-commerce. Frontiers in Psychology, 13.
Mobahat, H. (2010). Authentication and lightweight cryptography in low-cost RFID. 2010 2nd International Conference on Software Technology and Engineering.
Saleh, Z., PhD. (2013). The Impact of Identity Theft on Perceived Security and Trusting E-Commerce. Journal of Internet Banking and Commerce, 18(2), 1-11. http://proxy.lib.odu.edu/login?url=https://www.proquest.com/scholarly-journals/impact-identity-theft-on-perceived-security/docview/1449792093/se-2
Suryadi, A. (2021). Responsiveness of criminal law to skimming crimes in the era of Industrial Revolution 4.0 (Four point zero). Jurnal Hukum Volkgeist, 5(2), 130–142.
Vučković, Z., Vukmirović, D., Milenković, M. J., Ristić, S., & Prljić, K. (2018). Analyzing of e-commerce user behavior to detect identity theft. Physica A: Statistical Mechanics and Its Applications, 511, 331–335. https://doi.org/10.1016/j.physa.2018.07.059
Yang, J., Chen, Y., Trappe, W., & Cheng, J. (2014). Detecting Mobile Agents Using Identity Fraud. In Pervasive Wireless Environments: Detecting and localizing user spoofing. essay, Springer International Publishing.