3 Security Risks Mobile Payment App Users Face

People are flocking to download mobile payment apps. You don’t have your physical credit cards on you, which means you can’t leave them anywhere after you’ve paid. Splitting the bill at restaurants is easy when you can send money to the person across the table from you with a few clicks. In all the convenience, don’t forget that mobile payment apps are fallible, and that your bank data is at risk if you aren’t careful.

Failing to Learn About App Security Measures

Many people don’t read the terms and conditions when they sign up for new app services. When you download a new mobile payment app, at least read the segments in the terms and conditions explaining how the app protects your data. For example, Apple Pay and Android Pay create account numbers specific to your device and use those to transfer money to retailers, leaving your card information out of the equation.

However, remembering that mobile pay technology is still new and that companies don’t yet know about all security issues is key. In 2015, a Venmo user’s account got hacked, and because Venmo didn’t offer two-factor authentication at the time, the user had no idea someone had logged into his account from a different device. Venmo has since addressed the security issues, but the lesson is clear: when an app uses your bank data, it needs multifactor authentication each time you pay for something.

Relying on Weak Phone Security

If you’re going to store credit card information on your smartphone, you need to have good security set up on your smartphone. A lock-screen passcode is a must, and the passcode shouldn’t be something obvious, like your birthday, a sequence of numbers, or the same number repeated several times. The same goes for passcodes you set up within the mobile payment apps (which you should always do.)

Set up remote phone lock and wipe as well. Both Apple and Android offer remote phone locating services, which include the option to lock the screen or erase the entire phone when you realize someone stole your phone. Set up a remote lock and wipe service account before you load any card data on your device.

Connecting to Public Wi-Fi

Everyone connects to public Wi-Fi these days, sometimes unintentionally. People leave their phones set to pick up any Wi-Fi signal, and sometimes those signals are malicious. Even when you join what you probably think are “safe” public Wi-Fi networks (like the one at your favorite coffee shop that requires a password) remember that anyone else with the password can connect as well. Hackers use public Wi-Fi to grab data from your phone, so don’t ever log into or use one of your payment apps on a public Wi-Fi connection.

ISACA’s 2015 Mobile Payment Security Study showed that only 23 percent of cybersecurity experts thought mobile payments did a good job protecting your information. Many people use mobile payment apps every day without incident; if you join in, just remember to be smart about who gets to access your data.


Image via Flickr by iphonedigital