Authored by a Symantec employee
Since 2014, mobile payment apps have been simplifying the way we transact with businesses, and also making it easier to send money to friends and family when we need to pay them for our share of dinner out.
Business Insider Intelligence research from December 2016 forecasted mobile payments volumes to hit $75 billion by the end of 2016 and to soar to $503 billion by 2020.1
Because cybercriminals focus on vulnerable technologies they can leverage to make quick and easy money, hackers could target these mobile payment apps. How do you keep yourself and your money safe, while also being able to take advantage of the convenience of mobile payment apps? Read on to learn about how mobile pay apps work and their vulnerabilities.
How mobile payment apps work
Most payment apps require that you link a credit card to the app, so the information is stored on your smartphone, at the ready for making future payments. When you pay for something at a store, you place your phone near the point-of-service device at the register. The terminal then reads your stored payment information wirelessly, usually by utilizing radio frequency (RF) signals, to complete the transaction.
However, you can pay using your phone even without apps. Some companies, such as your phone company, may allow you to pay your bill using standard text messaging. Mobile payment apps are a little different and come in a two main categories:
NFC mobile payment apps
This type of mobile payment app uses near-field communication (NFC) technology, which requires you to place your phone near a device to make a payment. Think Apple Pay and Android Pay.
Online wallet apps
This is where you send your money to someone without having to be in the same location. All you need to send money this way is the recipient’s email address. Your bank may offer a similar option. Think Venmo or PayPal.
The main differences between these two options are proximity or the ability to send money using just an email address or user account name.
How to make your mobile payments more secure
Of course, if you’re sending money, you’re going to want the application you choose to be secure. Some tips to make your mobile payment app more secure include:
- Choose 2FA. Two-factor authentication requires you to enter a password and a second piece of information. Usually, this is a code sent to the phone number connected to your mobile payment app account.
- Turn off Bluetooth. Bluetooth is becoming an option for wireless payments, as an alternative to RF. Remember it’s safest to turn off Bluetooth, or any other smartphone feature, until you actually need to use it. Doing so will limit unwanted access to the data on your phone.
- Keep your apps updated. One of the easiest ways for hackers to get into your private information is to exploit a known and public vulnerability. App updates patch these holes. You should also keep all the other apps on your phone up to date. Hackers who have found their way into one app might be well on their way to hacking into the rest of your phone.
- Update your OS. Another way that these holes get patched is via your operating system, so it’s important to keep your OS up to date as well.
- Check your statements. It’s easy enough to do with a mobile payment system. All you have to do is open up your app and look for unusual charges. Don’t overlook small charges. Hackers and identity thieves often run trial charges of a few dollars or even a few cents to see if you will notice bigger charges.
- Try mobile security. Internet security software isn’t only for laptops anymore. It’s just as important, if not more so, for your mobile phone. Software, such as Norton Mobile Security, can help protect your phone from malware and warn you of suspicious apps, including those used for mobile payments.
- Always lock your phone. Turn on auto-lock and create a strong password or passcode. Take a step beyond physical protection by encrypting the data on your phone, too. Norton WiFi Privacy is a VPN that automatically encrypts all information leaving and entering your phone.
What’s new with mobile payments?
The newest trend in mobile payments actually comes from the oldest financial institutions: banks.
Zelle2 is the newcomer, and works inside the existing apps of large banks, such as Bank of America, Chase, and Citibank. It works similarly to Venmo, and allows you to send money to people by using their email address or phone number. There are currently more than 30 big banks backing the service, and this gives Zelle an advantage over other services by decreasing the amount of time needed to transfer funds. If the payments are being transferred between banks within the Zelle network, the funds are available immediately, without the typical one to two business days required by other services.
Stay safe when you pay
Although your chances of getting your mobile payment intercepted are relatively low, you’ll increase your security by taking common-sense precautions to protect yourself and your family. By spending just a few minutes securing your devices and your apps, you can make big strides toward making sure that your money will get to its destination safely.
Disclaimers and references:
Symantec Corporation, the world’s leading cyber security company, allows organizations, governments, and people to secure their most important data wherever it lives. More than 50 million people and families rely on Symantec’s Norton and LifeLock comprehensive digital safety platform to help protect their personal information, devices, home networks, and identities.
© 2017 Symantec Corporation. All rights reserved. Symantec, the Symantec Logo, the Checkmark Logo, Norton, Norton by Symantec, LifeLock, and the Lockman Logo are trademarks or registered trademarks of Symantec Corporation or its affiliates in the United States and other countries. Firefox is a trademark of Mozilla Foundation. Google Chrome is a trademark of Google, Inc. Mac, iPhone and iPad are trademarks of Apple Inc. Microsoft and the Windows logo are trademarks of Microsoft Corporation in the United States and/or other countries. The Android robot is reproduced or modified from work created and shared by Google and used according to terms described in the Creative Commons 3.0 Attribution License. Other names may be trademarks of their respective owners.