Mobile payment apps: How to
stay safe when paying with your phone?
Are mobile payements and digital wallets safe? Are the apps safer than credit cards? What are the risks? Here is what to know.
While cash transactions aren’t going anywhere anytime soon, the convenience of electronic payment solutions has been steadily growing in popularity over the years. According to a recent survey by the US Federal Reserve, cash payments accounted for just 26% of all payments. Meanwhile, credit and debit cards and electronic payment methods were used for 65% of all payments.
The COVID-19 pandemic has also triggered changes in
how people shop, with e-commerce experiencing a surge in demand due to either
governments limiting interaction between people to curb the spread of the
disease or by people isolating themselves and doing most of their shopping
online.
As convenience is king, the surge of both cashless
payment methods and online shopping, as well as the use of smartphones for
shopping, has led to the increased adoption of mobile payment methods. Apple
Pay, Google Pay, PayPal, Venmo, and WeChat Pay prove to be among some of the
most popular mobile payment apps. However, they may come with their own sets of
risks, and threat actors like to utilize them in their scams as well.
Risks
Since we’re mainly focusing on mobile payment apps,
it stands to reason that one of the greatest risks is losing your smartphone,
which houses most of your sensitive information and your payment data if you
use payment apps. If you haven’t secured it properly, criminals could rack up
charges on your cards or use your payment apps to go on a shopping spree.
Besides ending up with either an empty bank account or overcharging your
balance, the incident may damage your credit rating with the bank, which may
make taking out a loan or mortgage difficult in the future.
Smartphones, like other computing devices, can also
be infested by malware. Depending on the type, it can carry out various kinds
of malicious activities; keyloggers can record and transmit every finger tap on
your smartphone to the cybercriminals allowing them to gain hold of your
passwords or account credentials you use to access your payment apps. Alternatively,
they can deploy fake apps that masquerade as something else and attack your
payment apps. Just one example – ESET researchers discovered a trojan masquerading as
a battery optimization tool, which targeted users of
the official PayPal app and attempted to transfer €1,000 (roughly US$1,200)
to the attacker’s accounts.