In Wallet We Trust: Bypassing the Digital Wallets Payment Security for Free Shopping

Raja Hasnain Anwar, Syed Rafiul Hussain, Muhammad Taqi Raza

33rd USENIX Security Symposium · Day 1 · USENIX Security '24

In an era where digital wallets have become an indispensable part of our daily financial transactions, offering convenience and a perceived layer of security over physical cards, a critical analysis by researchers from the University of Massachusetts Amherst and Penn State University reveals alarming vulnerabilities. Presented at USENIX Security '24 by Raja Hasnain Anwar, this talk, titled "In Wallet We Trust: Bypassing the Digital Wallets Payment Security for Free Shopping," dissects fundamental flaws in the digital payment ecosystem that could allow attackers to make unauthorized transactions, even after a physical card has been reported stolen, locked, or replaced.

AI review

This research provides a deep, actionable dive into systemic vulnerabilities within the digital payment ecosystem, exposing how banks' "unconditional trust" in digital wallets enables persistent fraud. The detailed analysis of weak authentication, token persistence post-card replacement, and flawed Consumer Device CVM offers critical insights for banks and wallet providers to re-evaluate their security postures. It's solid work that actually matters.
