15 Security Concerns with Mobile Payments – and How to Avoid Them
How Mobile Security Works and Why You Need to Know About Cyber-Security:
Mobile pay platforms are quickly overtaking more traditional payment options because of their simplicity and convenience. However their ease of use begs the question – how safe are these solutions, really?
According to a 2015 study by the non-profit ISACA, nearly half of the security experts polled were of the opinion that mobile technologies needed better security and 87 percent felt related data breaches would go up in 2016.
To their point, ITRC recently confirmed that all U.S. data breaches increased 40 percent last year, and many breaches involved issues with mobile security.
With cybercrime on the rise, how can you prevent yourself from becoming the next victim of a scam? While payment security will be an ongoing challenge, mobile transactions can be completed safely by taking the following security concerns seriously and implementing appropriate precautions.
Despite numerous security expert warnings, email users continue to fall prey to emails that appear to come from trusted senders like banks and retailers. Manipulative language creates a sense of urgency that prompts recipients to make an impulsive decision. They click embedded links and share data on non-trusted sites, download attachments that contain hidden data-mining malware or share infected emails with contacts. To protect yourself, check that email addresses always match sender names, visit sender websites via bookmarks or typed URL address bar submissions and scan all downloads with a trusted anti-virus program.
Criminals also commit fraud via Short Message Service (SMS) messages. The same phishing rules above apply to text messages. If you still doubt the origin of a message or a sender’s intentions, contact the assumed sender via a phone call to confirm that they sent you the message. Consider reaching out to your bank – but contact them via the usual channels, do not click any URLs sent via text.
“App clones”, or apps purposefully designed to look like well-known, highly-secure payment apps, make it simple for criminals to commit credit card fraud or obtain other valuable personal information. These programs either have ridiculously poor security that gives criminals backdoor access to merchant systems or contain pre-installed malware that steals financial data processed through them. Stay away from jailbroken devices, as these phones may be altered to remove developer restrictions and may accept dangerous third-party apps accidentally.
Even popular mobile finance apps have security issues. In January 2016, Arxan Technologies revealed that 90 percent of popular finance apps had two or more serious vulnerabilities. Regularly review mobile tech press releases to always know which apps are the safest in finance to use.
Criminals love mobile payment systems that have weak authentication tools. Any payment systems that you use, including e-commerce browser apps and virtual wallets, should have multi-factor authentication and multi-level data encryption. For example, a secure system might require a user ID, password and security image confirmation or message you a one-time-use PIN. The best payment systems turn your credit card data into a token so that it can’t be read anywhere else.
Some mobile users also believe foolishly that unsecured Wi-Fi spots in public places like cafes, hotels and libraries are 100 percent safe. Never perform financial transactions via mobile apps over unsecured Wi-Fi. If you don’t have a choice, use a trusted Virtual Private Network with Security Socket Layer protections and then close the connection when you are finished.
Incredibly, many people still believe that they’re safe if they pick “guest,” “123456” or personal details like birth dates and pet names as mobile device and online financial app and account passwords. Hackers have zero difficulty cracking passwords when you make it easy for them. Always use 12 digits or more that contain a mix of numbers, letters, lowercase and capital letters, and symbols.
Security suffers when you or a merchant use out-of-date mobile systems. Criminals find it easiest to attack older systems because they have had the most time to find and take advantage of non-patched security weaknesses. For the best protection, never trust outdated merchant systems and update your mobile hardware and software regularly.
Outdated and third-party mobile browsers have serious vulnerabilities. Worse yet, some third-party browsers are actually designed by scammers to inflict harm. Use a browser approved by the device manufacturer and keep its security updated.
Hackers can use keyloggers to spy on your every keystroke. Also, they use mobile scanners to spread malware. When you scan a Quick Response or bar code with a phone, you might install a data miner or visit a phishing website. Update and use your security software regularly and use extra caution when scanning codes.
The Internet of Things offers fantastic device interconnectivity at home and work and in public spaces, but it also helps hackers spread malware with ease and use networked hijacked devices, known as botnets and thingbots, as data miners, ransomware sharers and Distributed Denial of Service tools. To prevent this rise, use your mobile device’s factory-installed security software, turn off your router’s remote management tools and increase your Wi-Fi security.
Typical mobile device owners use a lot of different hardware and software systems by different manufacturers. Why is this a problem? Each system has different security flaws and update requirements. Instead of making mistakes trying to keep up with the security for all of these systems, stick with hardware and software from one or two manufacturers.
Criminals utilize mobile microphones and cameras and similar connected non-mobile equipment to gather the details that they need to steal your identity, money or property. They might listen to you input a security PIN over the phone or track your keystrokes and then burglarize your home or office while you’re away. Install programs that detect spying and turn off devices that contain listening or viewing equipment when they aren’t in use.
Criminals continuously seek new ways to commit fraud. Diligently seek out information about the latest fraud tactics and pursue new security and payment safety tips and tricks. While one anonymous hacker might attack you via a barcode scan, another might attack via a trusted company’s infected e-commerce checkout. The only defense against these ever-changing tactics is knowledge and adaptation.
Basic Human Error
People often fail to lock their screens or watch for thieves who know how to deftly lift mobile devices from public spots like tables and parked cars. They turn off security features to speed up their devices, break proprietary software to download third-party apps and fail to invest in remote device tracking and wipe programs. The best way that you can improve your security is by recognizing and avoiding these common errors in judgement.
Many concerns around the use of mobile payments stem from the fact that, in the face of rapidly changing technology, mobile security protocols haven’t been able to keep up. But as a matter of fact, mobile payment technology may actually soon be safer than the plastic you currently keep in your pocket. If you’re cautious and use common sense when making mobile payment transactions, there’s no reason your financial information should find its way into the wrong hands.
Freelance contributor for Credit.com who is interested in writing about personal finance for millennials and college students. She earned her Bachelor of Arts in English with a minor in Communication from the University of Illinois at Chicago