Launched for Windows 10 Mobile customers
Microsoft has announced the introduction of its tap to pay with Microsoft Wallet for Windows Insiders (build 14360 or higher) in response to feedback from customers and through the help of the company’s partnerships with MasterCard and Visa.
Microsoft Wallet is a cloud-based payment technology that will make mobile payments simple and more secure for Windows 10 Mobile devices, the company claimed.
The roll out will begin in the US on the Lumia 950, 950 XL and 650, and will be usable in over a million retail locations; anywhere you see the contactless payment symbol or the Microsoft Wallet logo at the point of sale.
In a blog on the company website, Will White, a member of the Microsoft payments team, commented: “In our increasingly mobile and busy world, our on-the-go customers want to pay for their everyday purchases without the hassle of digging through their physical wallet. In our digital stores today, whether it’s Xbox, Office or the Windows Store, our customers enjoy the ease of signing in with a Microsoft account and having their secured payment information on hand to quickly and more safely purchase products.
“Our customers have asked us to extend similar experiences to their phones and we are excited they can now enjoy easy, more secure transactions with Microsoft Wallet and tap to pay on their Windows 10 Mobile phone,” added White. “To help making shopping a breeze, Microsoft Wallet also provides one convenient place to store reward and membership numbers so all customers have to do is reference or scan them right from their phone.”
On the launch, Mark Noctor, VP of EMEA at security firm, Arxan Technologies, commented: “Although only available to a limited initial user base, the launch of Windows Wallet is yet another case for the inexorable rise of mobile payments.”
Yet Noctor warned: “As a cloud-based solution, Windows Wallet will be more flexible and easier to update, but is also exposed to greater risk if cryptographic keys or binary code are not sufficiently secure. In fact, the most prevalent security vulnerability discovered among mobile payment apps in our 2016 State of Application Security Report was a lack of binary protections, potentially enabling cybercriminals to tamper with the app to steal personal data or launch other malicious activity.
“The inclusion of reward and membership cards is a potentially interesting feature for users, but also exposes a wider scope of personal information, enabling hackers to build a more complete picture of people for use in fraud activity,” Noctor noted. “It is fundamentally important that wallets and other mobile payment apps are adequately prepared for the cybercriminals that will already be looking for vulnerabilities in the app and the way it communicates with the cloud server and other systems. While we are aware of a handful of organisations that are taking best practices approaches to mitigate risks to their apps, the reality is that the majority of payment apps remain exposed and vulnerable.”
