Cybersecurity Insight

Are There Security Concerns for New Walmart Payment App?

10 Dec

Department store giant Walmart is moving into the 21st century by offering a new way for customers to pay at their stores. Using the already available Walmart app customers will be able to use Walmart Pay, a new feature that allows customers to use their smartphones to pay for items.

The technology is different from others like Apple Pay. While most of the new payment technologies use what is called near-field communication (NFC), the new Walmart Pay app feature will use QR codes instead.

Why is Walmart creating their own payment system rather than join existing apps or methods? They don’t want every customer to have to use the same device. For example, Apple Pay is only available on an Apple device, of course, and includes different stores and payment methods than Android models. Walmart wants every customer, regardless of what type of smartphone they have, to be able to use the Walmart Pay system.

While this is certainly a nice idea and a very inclusive way of allowing everyone to pay the same way, how does this method stack up in the area of security?

Currently a customer walks up to a register and pays in a number of ways. The most secure being that of using cash. The customer can also use a debit card, a credit card, a gift card, or an electronic payment method from their smartphones.

Credit card transactions are secure to a point, and there is little information being stolen from the transaction itself. It’s the information the company stores after the transaction that often gets stolen – although POS attacks have been growing in number more recently.

Using the Walmart Pay app requires that you enter in a payment method in advance. It does give you the option to split your payment into a portion of credit card and another portion cash, or gift card, or what have you. But is this really a better method of payment? Not really.

While customers can put money on gift cards that are then put in the app, most customers will have to enter their credit card information into the app permanently in order to use it for payment. This information must be stored somewhere in order to be used frequently at the store.

This is not necessarily an uncommon theme. Many companies keep a card “on file” in order to process payments, but most of the time that information is not easily accessible via someone’s smart phone.

What is stopping someone from finding a phone with the Walmart app, going to the store and purchasing using that phone? How will Walmart protect customers from more cyber crime? Will it be easier to cyber criminals to obtain customer information or are the risks the same as before?

These are all questions yet to be answered, yet hopefully we will have some answers by the beginning of 2016. Walmart is releasing the app to customers at a handful of stores by year’s end, and hopes to have almost all stores using the method by June of next year. In the meantime customer must continue to use their current payment methods – which may be more secure in the long run anyways. Only time will tell, but until companies start focusing more on security than ease of use we’ll continue to be skeptical.