
How does my digital wallet actually work?

S1E28 | A dive into digital wallets, tap-to-pay, and the transformation of in-person payments.

Hi, Friends —
✰ Welcome to [our digital disco]! This week, we’re exploring how digital transactions and wallets work, and why this matters to you. You can also check out the last newsletter here.

☞ Why should I care about my Digital Wallet?

Digital Wallets are becoming essential in our daily lives — how we interact with merchants, verify our identities, and even access spaces. The three key implications? Data brokering, digital inclusion, and security.

1. Data Brokering

Now, here's where it gets interesting. This digital shift isn't just about making things more convenient for us; it's changing the game for businesses too. Digital wallets collect significant information about us — our spending habits, travel choices, and preferences. Businesses can use this information to understand us better and offer services tailored exactly to what we like. This data can also be sold and abused without your consent — check out my piece on data brokers and their shadow trade for more.

2. Digital inclusion

Digital Wallets remain a contentious subject for those seeking digital and financial inclusion. As of 2022, some 1.4 billion adults worldwide remain without a bank. On one hand, the widespread adoption of mobile phones opens up new avenues for financial inclusion through digital wallets. Putting finance activities on a mobile device creates a gateway to banking services for the unbanked and underserved — fostering economic empowerment and bridging the gap in financial accessibility. However, Digital Wallets can inadvertently worsen the underbanked issue due to technological barriers and digital literacy challenges. They require smartphones and internet access (excluding those without these resources), digital literacy, financial literacy, and adequate banking resources. To truly address financial inclusion, Digital Wallet initiatives must tackle these barriers to ensure global, inclusive accessibility.

3. Security

Overall, transacting through a Digital Wallet is safer than with a physical card because it leverages advanced security measures which reduce the risk of unauthorized access and fraud. Encryption and tokenization (more on these below) ensure sensitive data is stored and transmitted in a secure, unreadable format, while biometric authentication (fingerprint or facial ID) adds an extra layer of personalized security. Further, the absence of a physical card eliminates the risks associated with card skimming. Many digital wallets offer remote locking or wiping features to safeguard stored information if you lose your device. These features make Digital Wallets a more secure, resilient option. Nonetheless, security risks do need to be highlighted. Malware or hacking attacks can exploit vulnerabilities in mobile devices, especially if you neglect to update your phone with the latest security patches. Individuals attempting to bypass security also pose a risk to the integrity of digital wallets, emphasizing the importance of robust encryption methods.

☞ How does Tap-to-Pay actually work?

1. Adding a card to your Digital Wallet

  • When you upload a card to your Digital Wallet, the card details are encrypted and stored temporarily. Encryption transforms the original card details into a secure and unreadable format.

  • The Wallet then generates a unique token* to represent and replace the card data. This token is essentially a special code — specific to the device, the card, and the card network — that is stored for future transactions and adds security by substituting sensitive data.

    • Apple Pay stores this token on a physical chip built into the device. iPhones and Apple Watches contain a dedicated chip, known as a “secure element,” for this purpose.

    • Google Pay stores this token in the cloud, rather than using a physical secure chip in the Google device.

2. Validating your card

  • The Wallet sends an authorization request to the card network* (e.g., Visa, Amex) to validate that this card exists and you are its owner. The request includes only the tokenized representation of the card, rather than the actual card details.

  • The card network, upon receiving the request, leverages its mapping system, which allows it to decode the token and associate it with the actual card details stored in its database.

    • The card network communicates with the bank that issued the card (e.g., Chase, U.S. Bank) to confirm the cardholder's details.

  • If approved, the card network sends confirmation to the Digital Wallet, verifying that the tokenized card has been successfully authorized for transactions.

  • The Digital Wallet i) updates its records to indicate the card’s successful verification, and ii) securely stores the tokenized representation of the card.

3. Using your Digital Wallet for Tap-to-Pay

  • When you pay with a card in your Digital Wallet, you need a payment terminal that accepts contactless payments (tap-to-pay).

    • Modern payment terminals (also known as card readers or point-of-sale (POS) terminals) read the information stored on payment cards, then securely connect with card networks to verify and process transactions.

    • If a payment terminal supports contactless payments, it leverages Near Field Communication (NFC)* technology. NFC uses a special frequency of radio waves to enable wireless communication between devices in close proximity (a few centimeters).

  • When you tap your device on the contactless payment terminal, your Wallet generates a new, dynamic token which combines the tokenized card with transaction details, including the payment amount. This second token is distinct from the tokenized card in storage and is used only for that specific transaction.

  • Through your device, the Wallet sends the dynamic token as a signal to the terminal, indicating a transaction is about to take place. (Your device may now ask you to authenticate the transaction using Face ID, Touch ID, or a PIN.)

  • The payment terminal forwards the tokenized transaction details to the card network, which then communicates with the user's bank (card issuer) to authorize the payment. Once the payment is authorized, a confirmation is sent back through the secure channel, and the transaction is completed.

Digital Wallets and their payment services serve as the intermediary, orchestrating the collaboration between users, card networks, and banks to digitally store payment cards and facilitate transactions using technologies like NFC and tokenization.
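To make the two tokens in the steps above concrete, here is a simplified simulation added for illustration; it is not code from Apple, Google, or any card network. The `CardNetwork` class, the function names, and the HMAC-with-counter scheme are assumptions standing in for the real payment-network protocols, and the card number is a constructed test value.

```python
import hashlib
import hmac
import secrets


class CardNetwork:
    """Toy stand-in for the card network's token-mapping system (hypothetical)."""
    def __init__(self):
        self._vault = {}  # token -> card number, shared key, last counter seen

    def provision(self, pan):
        """Steps 1-2: swap the card number for a random token plus a per-token key."""
        token = "tok_" + secrets.token_hex(8)  # random, so it reveals nothing about the card
        key = secrets.token_bytes(32)          # shared only between device and network
        self._vault[token] = {"pan": pan, "key": key, "last_counter": 0}
        return token, key

    def authorize(self, token, amount_cents, counter, cryptogram):
        """Step 3: map the token back to the card and check the one-time value."""
        entry = self._vault.get(token)
        if entry is None:
            return "declined: unknown token"
        if counter <= entry["last_counter"]:
            return "declined: replayed transaction"
        expected = make_cryptogram(entry["key"], token, amount_cents, counter)
        if not hmac.compare_digest(expected, cryptogram):
            return "declined: bad cryptogram"
        entry["last_counter"] = counter
        return "approved for card ending " + entry["pan"][-4:]


def make_cryptogram(key, token, amount_cents, counter):
    """Device side: bind the stored token, the amount and a counter into a one-time value."""
    message = f"{token}|{amount_cents}|{counter}".encode()
    return hmac.new(key, message, hashlib.sha256).hexdigest()


def demo():
    network = CardNetwork()
    token, key = network.provision("4111111111111111")  # constructed test card number
    tap = make_cryptogram(key, token, 1250, counter=1)
    genuine = network.authorize(token, 1250, 1, tap)    # first tap at the terminal
    replayed = network.authorize(token, 1250, 1, tap)   # same message presented again
    altered = network.authorize(token, 99900, 2, tap)   # amount changed after the tap
    return [genuine, replayed, altered]


if __name__ == "__main__":
    print(*demo(), sep="\n")
```

The terminal only ever sees the token and the one-time value; the card number stays inside the network's vault, and a captured tap cannot be reused or have its amount changed.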

☞ What about the other items in my Digital Wallet?

Whether boarding a flight, attending a concert, or entering a building, having your tickets, IDs, and other passes — also known as digital assets — on your mobile device ensures quick access. No more fumbling through paper tickets or searching for confirmation emails.

Unlike digital cards, which emphasize tokenization for secure payments, digital assets prioritize secure representation — codes that validate your identity without revealing underlying details.

1. Adding a Digital Asset to your Wallet

  • When you add a digital asset to your Wallet (e.g., by tapping the “Add to Wallet” button in an email), the provider, such as an airline or event organizer, shares the pass data with the Apple Wallet.

  • Once received, the pass data is securely stored on the user's device (allowing offline access) and in the cloud (facilitating real-time updates and backup).

    • The pass data may be subjected to encryption and/or tokenization, depending on the level of security required. A digital Government ID will undergo more rigorous encryption compared to a digital concert ticket.

2. Using your Digital Asset

Digital assets usually leverage either NFC (similar to digital payments) or visual representations (QR codes or barcodes).

  • QR codes and barcodes: The Digital Wallet verifies the provider’s information, then generates a visual representation — such as a QR code or barcode — of the asset’s data. When your digital asset is scanned, the receiving system decodes the data embedded in the QR code or barcode, validates the data against its records, and authenticates the request (e.g., allows you into the concert).

    • Pros: Cheaper and less tech-intensive; Often preferred when paper or physical tickets can be used interchangeably.

    • Cons: Security relies on the integrity of the printed or displayed code.

  • Near Field Communication (NFC): When you tap your device on the reader (e.g., a terminal at the ticketing gate), the asset’s data is transmitted to the reader, which then validates the data, and if successful, takes the appropriate action (e.g., grants access to a venue).

    • Pros: Offers a higher level of security, reducing the risk of unauthorized interception. May involve tokenization or encryption of data, making it more secure for sensitive information.

    • Cons: Setting up NFC can be expensive, especially if installing new equipment. Scanners for barcodes or QR codes are more widely used, and the cost to switch to NFC may not be considered worth it.

☞ Who (and what) are the key players in digital payments?

  • Token: Substitute for sensitive information, such as credit card numbers. Tokens are codes generated to be both unique (one-of-a-kind) and encrypted (transformed into a secure, unreadable format) to reduce the risk of exposure in digital transactions.

    • In digital transactions: The token, rather than the actual card details, is transmitted during the payment process, reducing the risk of data breaches or unauthorized access.

    • In digital wallet storage: Each payment card stored in the wallet is associated with a unique token, allowing the user to make payments without exposing the actual card details.

  • Digital Wallet: Virtual tool that allows users to securely store & manage digital versions of payment cards (credit & debit cards) and other digital assets (loyalty cards, concert tickets, boarding passes) on their smart devices

    • Facilitates payments by storing card information in a digital format (tokens) and using tech (like Near Field Communication, NFC) to enable seamless transactions when a user's device is brought close to a compatible terminal

  • Digital Card: Virtual representation of a physical card, typically stored in a digital wallet; includes details like card number, expiration date, and security code

    • Enables electronic transactions without a physical card by providing a secure, digital format of card details that can be used for transactions through digital wallets (and tap-to-pay) or payment platforms (online purchases)

  • Card Network: Card networks, such as Visa, govern the payment process through global electronic payment systems. They facilitate transactions among sellers (merchants), financial institutions (banks), and buyers (consumers)

    • Facilitates digital transactions by providing a standardized network for communication between issuing banks, acquiring banks, and merchants. When a user initiates a digital payment, the card network validates and processes the transaction, ensuring security and interoperability

  • Bank: A financial institution that provides a range of financial services, including accepting deposits, providing loans, and facilitating various financial transactions

    • Plays a crucial role in digital transactions by holding customer accounts, issuing payment cards, and providing the infrastructure for electronic fund transfers. Banks authenticate and authorize digital transactions, ensuring the secure movement of funds between accounts and contributing to the overall reliability of the digital payment ecosystem

✿ As always — any and all feedback is welcome! In the meantime, give someone a hug and say an ‘I love you’ this week. Make the world a little happier.
