Every day, millions of almost invisible gestures sustain the global economy: bring a card close to a dataphone, unlock the phone with your thumb, enter a PIN almost by heart. We pay without thinking too much about it, as if money had become a reflex.
In Spain, the Bank of Spain has warned that around 80% of fraud is already committed in online purchases. The total, in our country alone, is close to half a million cases according to official sources. And yet, behind this everyday gesture there is a question that we rarely ask ourselves seriously: What is safer, paying with a card or with your smartphone?
To understand the magnitude of the phenomenon, it is worth stopping for a moment at the figures. According to the World Bank, More than two-thirds of the world’s adult population has access to some type of financial account, which has skyrocketed the number of electronic payments in the last decade. More than 800 million transactions are processed daily. In parallel, cash continues to resist: in countries like Spain or Germany, it still represents an important part of everyday purchases, especially in small businesses. But the trend is clear: we increasingly pay without bills or coins, and increasingly with digital devices.
The bank card was for years the symbol of that transition. In its most modern version (with contactless technology) you can pay simply by bringing it close to the terminal. Security here is based on several pillars: the EMV chip (which generates unique codes for each transaction), the banks’ anti-fraud systems and, for purchases of a certain amount, PIN verification. It is a robust system, perfected over decades, but not infallible. Cards can be lost, stolen or cloned, and although fraud is relatively low in proportion to the total volume of payments, it does exist.
The smartphone, for its part, introduces an additional layer of complexity… and also protection. Platforms like Apple Pay or Google Pay do not directly transmit actual card data to the merchant. Instead they use a system called tokenization: the card number is replaced by a unique code that only makes sense for that operation. If someone intercepted that information, they would not be able to reuse it.
But there is something even more important: biometric authentication. To pay with your mobile phone you normally have to unlock it with a fingerprint, facial recognition or a secure code. That is, it is not enough to have the device; you need to be its owner. On the other hand, a physical card, especially for small payments, can be used without any additional verification.
That does not mean that the smartphone is invulnerable. It can also be lost, stolen, or even hacked, although these scenarios typically require more steps and technical knowledge. Besides, Mobile operating systems isolate applications and encrypt data, which adds an extra barrier against attacks.
So what is safer? In general terms, paying with a smartphone offers a higher level of security. Not because the card is insecure, but because the mobile combines several layers of protection that rarely coincide in a single object: tokenization, biometric authentication and advanced encryption. It is, in a way, a wallet that requires you to prove who you are every time you open it.
However, Security depends not only on technology, but also on behavior. A card left on a table or an unlocked cell phone are, in essence, the same vulnerability in a different form. The difference is that the smartphone, properly configured, tends to forgive more mistakes.
Perhaps the key is in how we have redefined the act of paying itself. Before it was a transfer of objects: coins, bills, cards. Now it is an identity verification. And in that change, the device that best knows who you are (your cell phone) has an advantage that is difficult to ignore.