The Youths Have Spoken: Wallets Are Uncool. Go Digital.

By Brian X. Chen and Yiwen Lu

To a growing number of youths, a wallet stuffed with cash and cards is as unfashionable as the millennial tuck, no-show socks and skinny jeans. Carrying only a smartphone is the way. Iykyk — that’s “if you know, you know,” for those who don’t know.

I, Brian Chen, a graying 39-year-old tech columnist, am not one of those in the know. It’s unfathomable to me to part with my wallet, which holds crucial items like my driver’s license. So in an effort to be hip again, I recruited my 23-year-old colleague Yiwen Lu to ask the young ones how they live like this, and then I took the jump myself.

In ditching my physical wallet, I am joining youths like Ruby Hegab, a 19-year-old student in Fremont, Calif. As soon as she got her first credit card last year, she said, she went all-in on using her iPhone to pay for groceries, parking meters and restaurant meals, and for carrying insurance cards.

“If a store doesn’t accept Tap to Pay, I won’t give them business,” Ms. Hegab said. But that rarely happens, because the overwhelming majority of merchants she visits, including big box retailers and mom-and-pop shops, now accept some form of mobile payment from services like Apple Pay and Venmo.

In a survey asking just over 2,500 Americans about digital payments, some 80 percent of Gen Z respondents said they were using mobile wallets, and among them, half were eager to use their phones for much more than paying for things, according to recent data from Pymnts Intelligence, a research firm that studies commerce.

Younger people are increasingly using their phones for purposes that older adults would use a traditional wallet for, like carrying documents such as a driver’s license, boarding passes and event tickets. Some of these digital items can be added into the Apple and Google wallet apps, while others, like insurance cards, can be downloaded through third-party apps.

The shift in behavior is a reflection of how far mobile wallets have come. About a decade ago, when I covered emerging mobile payment apps, most people shrugged at the technology because tapping a phone on a scanner was no more convenient than swiping a credit card. In recent years, amid a global pandemic that drove people toward contact-free payments, Apple and Google expanded their software to support digitized driver’s licenses and transit cards, a perfect storm that made mobile wallets more useful.

Braving it without a wallet for a week, I used only my phone to do my shopping; go to bars, out for dinner and to the movies; and even buy crab from a fisherman’s boat. The phone sufficed in almost all those situations, though paying for dinner was more complicated and using a digital driver’s license to buy wine at a grocery store was a nonstarter.

If you’re hoping to ditch your wallet or simply want to cut down on some bulk in your pocket, here’s what you need to know.

Payments

In many stores, Android and iPhone users can use Google Pay and Apple Pay by tapping their phones on readers next to the cash register. Many small businesses such as food trucks accept payments through third-party apps like Venmo, which let you scan a bar code to send money.

Yet there is inherent risk when you rely fully on a mobile wallet. Abi Hoyer, 21, in Punta Gorda, Fla., said she didn’t carry a wallet for safety reasons: In the event of a mugging, a thief would get only her phone. Still, thieves could potentially make payments and drain money from your account if they coerced you into sharing your passcode.

That’s why it’s important for iPhone users to activate a new safety feature in settings called Stolen Device Protection, which prevents passcode access to data such as passwords and stored credit cards when the device is in an unfamiliar location. And Android users should be aware of the steps to lock and purge data from the device in the event of theft.

In addition, not all businesses take mobile payments. Ms. Hoyer learned this the hard way at Walmart when she discovered she was unable to pay for her items and didn’t have her full credit card number to sign up for the store’s wallet, Walmart Pay. One workaround: Password manager apps like 1Password and Bitwarden can safely store sensitive data including credit card numbers in case you need to look them up.

Jillian Gillespie, 27, in Chicago, switched to Apple Pay after losing her wallet over a year ago, she said. This works out fine for fast-casual restaurants where you pay at the counter, but at sit-down restaurants where waiters drop off a bill and expect to run a credit card, she occasionally has to rely on friends to pay. In those cases, she typically uses Venmo to reimburse her friends.

“I don’t really carry my wallet around with me, which sometimes can bite me in the butt,” Ms. Gillespie said.

I ran into similar snags. Out of three restaurants, only one brought a reader for me to tap my phone to pay, while the others asked for a credit card, which required my wife to pay.

Insurance cards and other documents

Digital scans or photos of important documents like health insurance and car insurance cards are now broadly accepted as substitutes for the real thing. Some insurance providers, like State Farm, Aetna and Anthem, make their digital cards available through their apps, which can be added to your mobile wallet. Not all insurance cards work this way, though, and it can be a hassle to find those cards at a moment’s notice — you don’t want to be stuck sifting through photos or finding the right app to load your insurance card after a car crash, for instance.

I found that the simplest method to make insurance cards easy to look up is to attach images of all of them to one digital note stored on your phone. On iPhones, you open your photo of the insurance card, tap the button in the lower left corner and select the Notes app to save the image to a new note. Then rename the note “Insurance Cards.”

Similarly, Android users can use the Google Keep note-taking app. In Keep, at the bottom tap “add image.” Then pick the photo of your insurance card and label the note.

Other types of cards and documents, like my Clipper card for public transit, movie tickets and gift cards, were all simple enough to digitize: Tapping the Add to Apple Wallet button loaded them inside my Apple wallet app.

Identification

Digitized versions of driver’s licenses are still relatively new and being tested in various states, including California, Arizona, Connecticut, Maryland and Utah. This is where the mobile wallet falls short.

Here in California, for example, you sign up for the digital driver’s license through the California Department of Motor Vehicles app. The app generates a temporary bar code that can be scanned to verify your age and identity. Airports in some states now display signs stating that they will accept the digital ID from those who have signed up for the Transportation Security Agency’s PreCheck program — but many states have yet to participate in this experiment, which makes it impractical to leave your driver’s license at home.

The digital ID is also not yet an acceptable substitute for a physical driver’s license. The California D.M.V. says law enforcement officers cannot accept the mobile driver’s license if you are pulled over, and Arizona’s Motor Vehicle Division says people are still required to carry a physical ID.

In the event of an emergency, a person may also have trouble identifying you. Apple’s Medical ID and Google’s Personal Safety features can be set up to show people your name, age and emergency contacts by pressing a shortcut on the phone — but emergency medical workers would have to know how to use the feature.

So it’s best to continue carrying a physical ID. To do that without carrying a wallet, you could do what some younger people do and sandwich the ID between your phone and phone case. I found that to be an imperfect solution because the card elevates the phone closer to the edges of the case, which makes the screen more susceptible to damage when it’s dropped.

After a week, I settled on what I felt was the best solution: a magnetic wallet that attaches to the back of my phone and carries only two cards — my ID and one credit card.

That felt like cheating. But Ms. Hegab, the 19-year-old, admits that she uses a similar card holder for carrying only her driver’s license.

As soon as digital driver’s licenses work everywhere, she said, she’ll be getting rid of it.

The New York Times

A North Korean military intelligence operative has been indicted in a conspiracy to hack into American health care providers, NASA, US military bases and international entities, stealing sensitive information and installing ransomware to fund more attacks, federal prosecutors announced Thursday.

The indictment of Rim Jong Hyok by a grand jury in Kansas City, Kansas, accuses him of laundering the money through a Chinese bank and then using it to buy computer servers and fund more cyberattacks on defense, technology and government entities around the world.

The hacks on American hospitals and other health care providers disrupted the treatment of patients, officials said. He's accused of targeting 17 entities across 11 US states, including NASA and US military bases, as well as defense and energy companies in China, Taiwan and South Korea, according to The AP.

For more than three months, Rim and other members of the Andariel Unit of North Korea's Reconnaissance General Bureau had access to NASA’s computer system, extracting over 17 gigabytes of unclassified data, the indictment says. They also reached inside computer systems for defense companies in Michigan and California, as well as Randolph Air Force base in Texas and Robins Air Force base in Georgia, authorities say.

The malware enabled the state-sponsored Andariel group to send stolen information to North Korean military intelligence, furthering the country’s military and nuclear aspirations, federal prosecutors said. They've gone after details of fighter aircraft, missile defense systems, satellite communications and radar systems, a senior FBI official said.

“While North Korea uses these types of cyber crimes to circumvent international sanctions and fund its political and military ambitions, the impact of these wanton acts have a direct impact on the citizens of Kansas,” said Stephen A. Cyrus, an FBI agent based in Kansas City.

Online court records do not list an attorney for Rim, who has lived in North Korea and worked at the military intelligence agency’s offices in both Pyongyang and Sinuiju, according to court records. A reward of up to $10 million has been offered for information that could lead to him or other foreign government operatives who target critical US infrastructure.

The Justice Department has prosecuted multiple cases related to North Korean hacking, often alleging a profit-driven motive that sets the nation's cybercriminals apart from hackers in Russia and China. In 2021, for instance, the department charged three North Korean computer programmers in a broad range of hacks including a destructive attack targeting an American movie studio and the attempted theft and extortion of more than $1.3 billion from banks and companies around the world.

In this case, the FBI was alerted by a Kansas medical center that was hit in May 2021. Hackers had encrypted its files and servers, blocking access to patient files, laboratory test results and computers needed to operate hospital equipment. A Colorado health care provider was affected by the same Maui ransomware variant.

A ransom note sent to the Kansas hospital demanded Bitcoin payments valued then at about $100,000, to be sent to a cryptocurrency address.

“Otherwise all of your files will be posted in the Internet which may lead you to loss of reputation and cause the troubles for your business,” the note reads. “Please do not waste your time! You have 48 hours only! After that the Main server will double your price.”

Federal investigators said they traced blockchains to follow the money: An unnamed co-conspirator transferred the Bitcoin to a virtual currency address belonging to two Hong Kong residents before it was converted into Chinese currency and transferred to a Chinese bank. The money was then accessed from an ATM in China next to the Sino-Korean Friendship Bridge connecting China and North Korea, according to court records.

In 2022, the Justice Department said the FBI seized approximately $500,000 in ransom payments from the money laundering accounts, including the entire ransom payment from the hospital.

An arrest of Rim is unlikely, so the biggest outcome of the indictment is that it may lead to sanctions that could cripple the ability of North Korea to collect ransoms this way, which could in turn remove the motivation to conduct cyber attacks on entities like hospitals in the future, according to Allan Liska, an analyst with the cybersecurity firm Recorded Future.

“Now, unfortunately, that will force them to do more cryptocurrency theft. So it’s not going to stop their activity. But the hope is that we won’t have hospitals disrupted by ransomware attacks because they’ll know that they can’t get paid,” Liska said.

He also noted that a Chinese entity was among the victims and questioned what the country, which is an ally of North Korea, thinks of being targeted.

“China can’t be too thrilled about that,” he said.

The Youths Have Spoken: Wallets Are Uncool. Go Digital.