Mobile payment applications or systems have become commonplace with the expansive growth and popularity of smartphones and other mobile devices.
Now that many more consumers are interested in using mobile payments, more devices support the concept, and more retailers accept this form of financial transaction, it is essential to evaluate how secure or reliable such payment schemes are.
Therefore, before you link your finances to a mobile device to make impulse purchases, there are several critical issues you need to consider.
5 Tips for Using Mobile Payment Applications Securely
Mobile payments have solid promise to become the dominant means of financial transactions, but some hurdles still exist.
It remains your responsibility to research thoroughly any mobile payment option before implementing it. It is your money, and you have the burden of ensuring that it has the best protection possible.
Here are a few suggestions to maximize your security and benefits while minimizing some of the downsides of using a mobile payment system:
1. Use a dedicated credit card (or another type of financial account) for the mobile payment system that is not used for any other purpose.
2. Monitor your financial statements online or through an app at least once a week. Double-check the amount before confirming any transaction.
3. Do not use an ATM or debit card, and NEVER link a checking account directly to a mobile payment system.
4. Keep your mobile device secured with storage encryption and a screen lock (password, fingerprint, or face recognition), and do not root your device.
5. Follow password best practices and enable multifactor authentication whenever possible.
These steps will only help if you research and select the best and most secure mobile payment solutions. Try out mobile payments, as you might find them beneficial and convenient for your everyday purchases, such as beverages, meals, public transportation, etc. But never overlook the fact that you are linking money to your mobile device.
Linking Your Finances to Mobile Payment Applications
Most mobile payment applications require linking one or more of your existing financial accounts to the mobile payment system. They might require your credit card, debit card, ATM card, or even a direct link to your checking account.
This link allows the mobile payment system to immediately apply the charges for purchases to your existing financial account.
This makes purchases convenient, but is that the best move for you financially?
If a mobile payment system can place charges onto your accounts immediately, you should have a few concerns:
- Does the mobile payment system have a per-charge transaction confirmation? (It’s helpful to know if money pulls from the account, especially if it’s unauthorized.)
- If a fraudulent charge occurs and money is taken from my account immediately, how hard is it to get my money back?
- If I decide to stop using the mobile payment system, how challenging is it to divorce my financial account from the payment system?
You need to investigate and answer questions like these about any mobile payment system before configuration and use. If you are not satisfied with those answers, then don't use that mobile payment system.
It is essential to realize that not all mobile payment applications use the same security; thus, they cannot all be the best at securing your financial and personal information. Numerous mobile payment applications have been compromised or shown to have weaknesses.
Some of these breaches only revealed the users' names and contact information; others revealed the vendor identity, items purchased, and the total cost, while a few have revealed credit card and bank account numbers.
When selecting a mobile payment system, be sure to review several options, evaluate their security claims, and look for information about recent hacks and updates.
Benefits and Protection Differences between Individuals and Businesses
Mobile payment applications are available for use by individuals and businesses. As an employee or a business owner, you might be tempted to tie your business account to a mobile payment system.
Before you do, keep this in mind:
The law provides significant protection against loss and theft on personal accounts but very little protection for business accounts.
According to the FTC, liability for a lost or stolen credit card tops out at $50. This protection is even better for a credit card stolen before you receive it and use it; in that situation, your loss is $0. An ATM or debit card is protected, but not quite as well. If a loss or theft occurs and you report it before charges take place, your loss is $0. If you report within two business days of the charges, your loss is capped at $50. If you report the issue after more than two business days but less than 60 days, then your loss is limited to $500. Any issues reported (or not) after more than 60 business days are entirely your responsibility.
These protections make a good case for using a credit card instead of a debit or ATM card. They also make it clear that you need to review your accounts regularly for fraudulent activity.
While these are significant protections for individuals, these protections do not apply to businesses. Business protections are defined under the Uniform Commercial Code (UCC).
Generally, businesses are held liable or responsible for losses, whether to their bank account, credit cards, or debit/ATM cards. In most cases, a bank will hold the business accountable for any fraudulent charges or withdrawals made prior to reporting the loss or breach.
In some cases, businesses have been held responsible for transactions occurring after the reporting. The UCC states that a company must show due diligence to reduce its liability in the event of financial fraud or an attack against its accounts.
If you are uncomfortable with the level of risk that using a business account imparts, consider using a personal financial account for mobile payment instead.
The Trade-Off between Security and Convenience
Mobile payment applications are the future of retail transactions.
Carrying around a pocket full of credit cards, ATM cards, and debit cards (not to mention the plethora of store loyalty cards) is a hassle.
Credit cards are easily lost or stolen, their bulk adds up when stacked in a wallet, and they often leave your sight when making a transaction. A mobile payment solution rids you of the task of carrying around credit cards, saves space in your pocket or purse, and never leaves your possession when making a transaction.
A mobile device can be lost or stolen, but unlike a credit card, owners can configure on-device security and support remote tracking and remote wiping. Thus, mobile payments might be a better solution . . . eventually.
The concern is that many of the mobile payment applications available today do not provide sufficient security. As a result, there are lots of issues that a mobile payment user must face, such as:
- How easy is it for hackers to break into your mobile payment account and learn your card numbers?
- Can this be attempted against an online service, or must an attack occur on or against the mobile device?
- Is the mobile payment app on my mobile device at risk from malicious code infections?
If a mobile payment system stores your financial information on the device, then it is at risk of eavesdropping when being transmitted for a purchase, and it is at risk at all times from malware infection of the mobile device.
If you choose to root your phone, your device has an increased risk of malware infection as a wide range of malware can only infect a device if it is rooted. Often, not rooting is a more secure configuration to maintain, especially if using a mobile payment system.
In addition, if the mobile payment system stores your financial information in an online service database, then attacks could be waged against that service without needing to attack on or through your mobile device.
When selecting a mobile payment system, you should consider several critical security issues:
- Is the mobile payment app always active once the mobile device boots or is it only active when its app is launched?
- Does the mobile payment app time out or become disabled after an idle timeout period, or does it stay operating in the background after use?
- Does the mobile payment app require a login, PIN, or another mechanism to authorize its launch?
- Does the mobile payment app require a confirmation when a transaction is attempted?
- Does the mobile payment app display the amount being charged before the transaction can be processed?
It’s on you to consider the security and the protections a mobile payment system offers. If you are not satisfied with your findings after investigating these concerns, you should probably not use that mobile payment system.
As an alternative, if your preferred mobile payment system uses credit cards as the financial source, you can add your own protection by using a one-time or limited-use credit card. These are often called virtual or temporary credit card numbers.
Several credit card banks provide temporary numbers for use, and many offer easy access to these temporary numbers through their mobile app. If your bank does not, then there are mobile payment service providers that can help create one-time, virtual credit card numbers.
What Cybersecurity Experts Wish Everyone Knew
Whether it’s a mobile payment application or a phishy email, security risks are seemingly everywhere. Threats and attacks have also become more prevalent as attackers become more advanced in their efforts to separate you from your data, money and identity.
In a recent white paper, we break down 10 Things Cybersecurity Experts Wish End Users Knew. Read the free white paper to understand the risks of security threats and how to make best practices a daily habit.