PII Digital Wallet Security — Learn Before You Leap
By: Jim Stickley and Tina Davis
May 15, 2024
It wasn’t long before the success of digital wallets led to the same idea for storing your PII. But there’s a big difference between storing credit cards versus storing your driver’s license, passport, and other sensitive, personal info. After all, it’s uber-convenient keeping this information in one “identity” wallet. The reality is, the risks can outweigh the rewards and any cybercriminal can tell you that — or would they?
You can store a range of identity documents in these digital wallets. Beyond the usual driver’s license and passport, ID’s having to do with work and school, employee records, and other verified credentials are welcomed. Documents stored in PII wallets are limited only by your need or desire to have them all in one convenient place.
Are PII Wallets Risk-Worthy?
No one denies that the concept of PII wallets are welcome since they provide easy, convenient access, encryption, and the ability to enable authentication like 2FA. But what happens when security controls aren’t enough?
One thing to know is that like banking wallets, PII wallets are also apps and that makes them vulnerable to cybercrime. The Anatsa Trojan used overlay phishing screens on banking apps as its weapon of choice. This overlay covered the app’s screen with a fake, malicious screen.
Anatsa Trojan’s overlay tricks a user into clicking on it or providing sensitive information. This banking trojan did just that, stealing user credentials and financial information. Similar attacks and other hacks can happen to PII wallet apps, too. And remember, both Google Play and Apple App Store are susceptible to malicious apps; and smartphones are, too.
Take Preventive Action
- Before you download any app, make sure to read reviews. Take the negative ones seriously, but also take the positive ones to heart too. If they seem too glowing, perhaps they are faked.
- Consider if you need a particular card or document to be stored in a PII wallet. Sometimes it’s better to keep that information in hard copy and out of cyber snoopers’ hands.
- Keep all of your apps updated. If you see that little red dot indicating an update is available, don’t delay. Those could be preventing a vulnerability from being exploited.
- Remember not click on links or attachments that you don’t expect, are from unknown senders, or in any way trip your cyber threat alarm. Those could be filled with malware.
It’s Your Call
The hope is PII wallet app developers will bake-in strong security controls keeping users as safe as they can be. But if banking wallets are any warning of that, abundant caution is needed. And if cybercriminals keep finding ways to get around security efforts, and there’s no indication they won’t, PII wallets face the same risks. In the end, it’s your choice. The good thing is, now you’re a lot smarter about these wallets than you were before.