Smartphone users are increasingly more comfortable storing highly sensitive personal, financial, and medical information on their devices. The adoption of digital wallets will empower individuals to manage their data and digitized assets while simultaneously providing businesses with consent-based access to verified data in a privacy compliance manner. Data loss and prevention (DLP) best practices will advance digital wallet technologies’ full potential as the need to protect the information in the wallet is critical to the technology’s long-term success.
Initial exposure to digital wallets has been through access designed into their smartphone wallet embedded into the operating system or through downloadable applications. The wallet allowed users to have a convenient way to store event tickets and travel-related documents. Today’s wallets have evolved to provide a range of services, including payment services, mobile digital driver’s licenses, hotel, and car keys, and entertainment tickets, to name a few. Recent surveys have shown that almost 75% of iPhone users have activated ApplePay on their devices.
The pandemic proved transformative to the technology when some public and private sector services mandated covid vaccination records. They became digitally enabled as credentials stored in users’ digital wallets. The biometrics and Trusted Platform Modules (TPMs) features integrated into these smartphones provide users with a heightened level of security.  It also provides options for a touchless transaction.
Digital wallets empower user-centric control over usersdata, enabling companies’ consent-based access to customer data in a privacy-preserving and data-minimizing manner. They can also promote financial inclusion, help combat waste, fraud, and abuse in the digital marketplace, and leverage public/private sector infrastructure to increase efficiency in provisioning government services.
With the broader consumer interest in digital wallets, we are now seeing some of the largest U.S. banks interested in building their own mobile app ecosystem to enable more digital wallet offerings. There is also a growing public sector push to adapt to this technology. The European Union is engaging in the public sector initiative with their revision to the electronic Identification, Authentication, and trust Services (eIDAS) regulatory framework that enables secure cross-border transactions and more predictability in proof of authentications for legal electronic transactions and documents.
The EU’s work in this emerging area has been a comprehensive workflow that includes technology, public policy, and changes in the current law to enable the digital wallet to work more seamlessly amongst its adopters. The EU has the potential to set global standards much as the GDPR did with data privacy relations around the world. Like large multinational companies built out their platform solutions engineered to the GDPR’s lowest common denominator, a similar convergence of factors occurs in the digital wallet space. The EU’s work on a foundational trusted digital identity process to create a cross-border digital program.
The Commission recently selected Scytáles AB and Netcompany-Intrasoft to build a digital wallet for Member States and other stakeholders. This wallet will also be made available for several large-scale pilots funded by the Commission to learn from shortcomings of the original eIDAS regulatory process.
Enabling the future of digital wallets will depend on government and commercial users keeping the technology easy to use throughout the process, especially with the end users feeling comfortable that their data and transactions are secured. There are issues to work through to enable higher adoption by government entities and commercial operations. Data portability needs to address how consumers can move from one platform to another. Creating a data portability process that is managed with an understanding of the increased interest in the wallets content. The need to ensure security to the data in transition and at its new location is key.
In addition to the technical standards and best practices, these digital wallets’ governance and proposed regulation are equally important. While the eIDAS 2.0 rules are still in open draft, we should avoid being overly prescriptive and recognize the multiple use cases for storing digital documents on a wallet. The evolution of the browser provides a potential analog of how future digital wallets may evolve. Today several popular computer browsers are powered by the Blink open-source browser layout engine that is part of Chromium. The Linux Foundation recently announced its intention to establish the OpenWallet Foundation to create open-source software to facilitate the development of interoperable digital wallets. Like Blink engine, the OpenWallet Foundation is not focused on building an open-source digital wallet but on engine components that third parties can utilize to develop their digital wallet solutions to enable competition and foster adoption.
We are heading down the right path to enable users to securely store and retrieve official documents and information in a user-friendly portable format. While we should applaud the EU’s current work advancing a digital wallet, the legacy work of Apple, Google, and Microsoft should be recognized. Ultimately, the consumer will determine the winners and losers in the digital wallet world. Governments should keep their constituents in mind when designing documents, trust anchors, and the ability for retrieval we use going forward.
-Shane Tews is President of Logan Circle Strategies and a Non-Resident Senior Fellow at the American Enterprise Institute
-Michael Palage is Chief Trust Officer, InfoNetworks LLC