Why Your Mobile Wallet May Not Be Safe Even With a VPN

If you use a mobile or digital wallet on your smartphone or other device, you might have installed a virtual private network (VPN) to protect it. However, while a VPN can obscure your digital information, it’s not enough to keep your digital wallet safe.

What Is a Digital Wallet?

A digital wallet is an application on an electronic device, such as a computer or smartphone, that stores your payment information.

This allows you to make payments using your device, without needing to have cash or a card available. Digital wallets can also store information such as gift cards, loyalty cards, and cryptocurrency.

Digital wallets make payments convenient and can prevent the loss of your cash or a credit card when you are out. They also have levels of encryption to keep your data secure as it is being transmitted. However, they also come with security risks.

Risks

Your payment information can be stolen if:

• Your device is stolen, and the digital wallet on it isn’t sufficiently protected by a password, PIN, or biometric login.
• Your phone is hacked or has malware installed on it.
• A thief gets access to your credit or debit card number and adds it to their own digital wallet, even if you don’t use a digital wallet yourself.

Can a VPN Protect Your Digital Wallet?

You can install a virtual private network, or VPN, on your digital device to hide your IP address when you access a website or application. This can obscure your digital information and provide a degree of privacy protection.

However, a VPN doesn’t protect against other ways that your payment information can be stolen, such as:

• Phishing scams that trick you into allowing a third party to access your digital wallet
• Malware on your device
• Theft of your device
• Vulnerabilities in websites or applications you visit
• Weak passwords on your device or digital wallet
• Someone else is learning your password and accessing your account

Security Flaws in Digital Wallets

In 2024, research by a team of cybersecurity experts at the University of Massachusetts, Amherst, uncovered another major and worrisome flaw in digital wallet security.

Thieves Can Add Your Card to Their Wallets

If a thief gets your credit card number, either by stealing the physical card or through a malware or phishing attack, it’s often not difficult for them to add it to their own digital wallet.

“Every bank or financial institution has a different authentication method,” explains Taqi Raza, an assistant professor at UMass Amherst and one of the researchers on the cybersecurity team.

“Some use two-factor authentication. Some require knowledge-based authentication, such as a zip code or date of birth. Some require a phone call. So there is no universal way that is being used across every financial institution and every wallet.”

In the study, Raza and his co-researchers found that it’s easy for credit card thieves to find the information required for knowledge-based authentication.

Thieves Can Keep on Spending With Your Canceled Card

To make matters worse, once the card is added to their own digital wallet, they can often keep using that card number even if you lock the card or cancel it completely.

This is because, once the card is authenticated, the digital wallet isn’t actually transmitting the card number. They are transmitting a virtual number associated with that credit account.

“Any transaction on a locked physical card will be blocked. But any transaction on an authenticated digital wallet is allowed,” says Raza.

“Because there are two identities: the physical card number, and the virtual card number…. There are so many digital wallets and so many banks, there are too many numbers to lock.”

So, even if you cancel the card and are issued a new one by the bank, Raza warns, a thief with your card in their digital wallet can keep using it.

The virtual number in the thief’s digital wallet isn’t connected to the credit card number; it’s connected to the credit account. “Since it’s still attached to the same credit account, the virtual card still works,” says Raza.

Luckily, there are ways to protect your financial information from this kind of digital theft.

Protect Financial Information in Your Digital Wallet

“The verdict is that digital wallets are secure,” says Raza. “But in the big picture, we should never fully rely on technology, no matter how advanced it is.”

He recommends that consumers take direct, daily action to protect their financial information.

1. First, whether you use a digital wallet or not, Raza recommends that every consumer enable notifications for transactions from their bank accounts or credit cards. “That way, any transaction you have not made, you get a notification and you can take action,” he says.

2. Second, if you notice suspicious transactions or if you lose a credit or debit card, contact your bank immediately.

“At the same time you ask for a replacement card, ask the bank to deregister the card from all digital devices. Then you can add the new card number back to your own digital wallets.”

This will prevent a thief from continuing to use your credit card in their own digital accounts.

3. Finally, Raza recommends that consumers always make use of two-factor authentication whenever it is available, for any kind of account.

Other steps you can take to secure your digital wallet include:

• Monitor your account: Regularly check your digital wallet and any bank account or credit card linked to it, so you can quickly identify fraud or suspicious charges.
• Avoid unsecured networks: Unsecured or public WiFi networks make it easy for others to access your device or your personal information. Don’t use them when making financial transactions.
• Secure your money: Use a reputable digital wallet provider, and don’t keep money in an app account. Transfer it to your bank account, which is likely insured by the Federal Deposit Insurance Corporation (FDIC).
• Use more than a password: Secure both your device and your digital wallet with a unique password, PIN, and biometric authentication, such as facial recognition.
• Set a spending cap: Limit the size of purchases you make through your digital wallet.
• Don’t link to social media: Don’t link your digital wallet to any social media accounts in case they are hacked or otherwise compromised.
• Know who you’re interacting with: Don’t send or accept payments from unknown accounts or click on payment links in emails.
• Have a plan for theft: Learn how to use the security software on your phone to lock it remotely and erase personal information if it is stolen or lost.

The Bottom Line

Digital wallets are becoming a common payment option. They provide a convenient way to make purchases without carrying cash or a credit card. However, as with any technology that accesses your personal financial information, it’s important to keep it protected and secure.

Installing a VPN on your device is not enough to protect your digital wallet—it simply obscures your data during transmission. You should always take steps to protect against phishing, hacking, and theft to keep your credit cards and bank accounts safe.

“Technology evolves, and as you add more features, there are more security vulnerabilities. Our habit has to be to secure our own information,” says Raza.

“Technology makes my life easier, but I should not give up everything to it. It will never fully replace my human efforts.”