Do you ever pay for something on your smartphone? You may want to reconsider that. Most people don’t know that there are significant risks to making payments on a smartphone.
According to research by the Ponemon Institute, 29% of people store credit and debit card information on their mobile phones. It appears they do so out of trust, but this trust is misguided. 89% of people are unaware that smartphone applications can transmit confidential payment information without their knowledge or consent. In addition, 91% were unaware that financial applications can be infected by malware designed to steal credit card or banking information.
There are a variety of ways that you can pay for things with your mobile phone, including browser-based transactions with credit / debit / banking information, SMS transactions, near-field communications (NFC), tokenization and more, all with a variety of risk factors. Your credit card or banking information could be leaked in a variety of ways: insecure Wi-Fi, malware / spyware, theft and more. If you use NFC, the NFC connection could be hacked. If you make a payment on your smartphone, you may not have the same protections as you do with direct credit or debit card transactions. The risks are many.
There are some ways you can mitigate the risks of paying by smartphone:
- Shop with retailers who do not save your credit card information (if it’s not stored in a database somewhere, nobody can hack into it!). To ferret out this information, you’ll need to carefully review retailers’ websites and look online for articles and reviews of retailers and their data security policies.
- Ensure your data is encrypted when it is sent to the POS system
- Ensure your data is only sent to the venue’s POS system (not a third party server)
- Install security software and keep it up to date
- Beware of illegitimate apps – only use apps from official app stores, and read the reviews
- Only shop with trusted retailers online
- Never shop on a public Wi-Fi connection
- Use a strong and unique password for each site you shop on (or use a password manager)
- Look for signs your data is protected (https://, closed padlock, unbroken key)