In Wallet We Trust: Bypassing Digital Wallets Payment Security for Free Shopping

Watch an 11-minute conference presentation from USENIX Security '24 exploring critical security vulnerabilities in digital wallet payment systems. Discover how researchers from the University of Massachusetts Amherst and Pennsylvania State University uncovered serious flaws in the decentralized authority delegation of major digital wallets. Learn about three key attack vectors: exploiting authentication method agreement procedures to add stolen cards to attacker wallets, bypassing payment authorization through trust relationship vulnerabilities, and violating access control policies through payment type manipulation. Examine real-world implications demonstrated through testing on major US banks including Chase, AMEX, and Bank of America, along with popular wallet apps like ApplePay, GPay, and PayPal. Understand proposed remedies for addressing these design flaws and preventing similar security breaches in digital payment systems.