Mobile payments have become a part of consumers’ everyday shopping experience. 25 percent of all Starbucks transactions are now processed through mobile payments, according to Starbucks representative Kevin Johnson. Citibank has also entered the mobile payment space with Citi Pay, following in the footsteps of Chase’s Chase Pay.
With this increase in mobile payment use has come increased targeting of mobile users by cyberthieves. As you join the growing number of consumers using mobile technology for shopping, make sure you take steps to keep your finances safe.
Today’s Mobile Payment Landscape
18 percent of smartphone users have used a mobile payment app, Parks Associates research shows. PayPal is the most popular mobile payment solution. Retail apps from chains such as Starbucks are the next most popular mobile payment option, followed by Apple Pay, Android Pay and Samsung Pay.
While consumers favor PayPal, only 8 percent of retailers want to offer PayPal, compared to 67 percent who request Apple Pay. Both PayPal and Apple Pay are projected to grow in usage in the near future. Mobile payments in general will grow from $75 billion in 2016 to $503 billion in 2020, Business Intelligence estimates.
Mobile Payment Security Threats and Best Practices
While mobile wallets are considered more secure than using credit cards online because they don’t directly store credit card information on your smartphone, they still represent a target for cyberthieves. Cybersecurity experts have discovered that, unless banks take steps to verify physical ownership of credit cards entered into Apple Pay accounts, thieves can load stolen credit card data onto Apple Pay accounts by hacking the owner’s iTunes account, enabling them to make in-store purchases with the stolen data. LoopPay, which supports Samsung Pay, was hacked in 2015 by Chinese-sponsored hackers, who are believed to have left backdoors for later re-entry. Thieves can also gain access to sensitive information using methods such as exploiting browser security vulnerabilities or intercepting data sent over unencrypted networks.
To protect yourself, Bank of America recommends taking some basic security precautions. Use strong passwords for all accounts, avoiding passwords that use sensitive data such as digits from your Social Security Number. MyCheck adds that you should use mobile payment apps that require two-factor authentication, such as a password and special code sent to your phone the first time you use a particular device. You can also use a passcode and fingerprint ID scanning as a second authentication method to prevent thieves from using a stolen phone, Apple recommends.
Only obtain payment apps from reliable sources, such as the App Store or Google Play. Use apps that don’t store your credit card information directly on your phone. Most leading apps substitute an alternate code generated by your card provider and used in conjunction with one-time transaction codes generated by merchant card readers.
Only use a secure network with encryption when transmitting sensitive financial or password data online, preferably a VPN network with SSL connections. Avoid using insecure public Wi-Fi networks. When paying online, use sites with an HTTPS prefix in their URL.
Keep your operating system, browser and mobile payment app up-to-date to incorporate the latest security patches. Make sure to install anti-virus software on your phone and use virtual keyboards to avoid keyloggers, adds The Financial Express. Be mindful of phishing attacks, such as emails purporting to be from your financial provider requesting account information.
Protecting Yourself from Mobile Payment Cybercrime
In the event your device or account becomes compromised, you should have an emergency response plan in place. For instance, on an iPhone, if you’ve activated Find My iPhone on your device, you can freeze your Apple Pay app by putting your device in Lost Mode. You can also go into your iCloud.com account and remove the ability to use your credit card for payments. Apps such as FindMyiPhone also enable you to remotely erase data from your phone.
You should also contact your financial provider and notify them to suspend payments using your mobile payment app. Contact your local police as well.
Registering for a financial protection service such as LifeLock will send you alerts notifying you when suspicious activity is detected using your account. LifeLock will also work to help you recover anything you lose if you become a target of cybertheft.