8 ways mobile wallet users can beef up security
By Allie Johnson
September 17, 2015
Sleek smartphones might one day replace bulky wallets stuffed with credit cards, but some consumers have steered clear of mobile payment technology due to worries about security.
Mobile payment products such as Apple Pay, Google Wallet (which will be partly replaced by Google's Android Pay) and others allow you to carry your credit cards in a virtual wallet on your smartphone to buy stuff in stores that support the technology.
But over 85 percent of iPhone 6 users (Apple Pay can be used only with iPhone 6 or the Apple Watch) have not tried Apple Pay, which came out in 2014, according to a June 2015 survey by PYMNTS.com and Info Scout, a consumer research company. Of those who haven't tried Apple Pay, almost 20 percent cited security concerns as the reason they've stayed away.
The bigger issue, though, might be that many consumers just aren't familiar with the ins and outs of mobile wallets. In fact, over 45 percent of the Apple Pay non-users said they either hadn't heard of the product or weren't sure how to use it.
So, how exactly do mobile wallets work? The specifics vary by product, but both Google Wallet and Apple Pay use a technology called near-field communications, which means you just hold your phone near a contactless payment reader at checkout to make a transaction. With Apple Pay, you have to hold your finger on the screen so the app can check your fingerprint, then a brief buzz from your phone lets you know the payment went through.
There are security concerns about mobile wallets, but they're generally safer than carrying and using plastic, says Kevin Johnson, CEO of Secure Ideas, a security consulting company. That's partly because mobile transactions take place digitally, with your name, card number, expiration date, security code and other info locked away from the prying eyes of cashiers, clerks and waiters.
“The same people who say, 'I'd never use Google Wallet or Apple Pay because it's not secure,' are the same people who spend an evening making a waiter angry, then hand him their credit card and let him walk away with it,” Johnson says.
Keep your mobile wallet secure
The biggest security risk of using a mobile wallet? The scenario in which your phone gets lost or stolen and a thief goes on a shopping spree, experts say. If you use a mobile wallet (or are thinking about jumping onboard) here are eight ways to beef up security:
The same people who say, 'I'd never use Google Wallet or Apple Pay because it's not secure,' are the same people who spend an evening making a waiter angry, then hand him their credit card and let him walk away with it.”
— Kevin Johnson,
CEO of Secure Ideas
- Know the product. Before you start making mobile payments, learn how the mobile wallet you're considering works and what security provisions are in place. For example, when you enter a credit card into Apple Pay, that card is assigned a unique device account number, according to Apple. That number is encrypted and stored in a chip on your phone, not on any Apple servers. When you check out at a store, that number is used, along with a one-time-use ID number assigned to the transaction. So, according to Apple, your credit card number never gets shared with the merchant, a big plus in this era of data breaches.
- Use fingerprint technology if you can. Picking a product that employs fingerprint technology adds an extra layer of security, says Robert Siciliano, security expert with BestIDTheftCompanys.com. With Apple Pay, which uses Touch ID, you must put your finger on the screen to complete a transaction. And Samsung Pay, which will debut Sept. 28 and will come already loaded on new Samsung smartphones like the Galaxy S6, also will use fingerprint technology. (But beware: Even that's not foolproof for a determined thief.)
- Protect your phone with a strong password. If you don't already, lock nosy friends, co-workers and fraudsters out of your phone. Instead of choosing the standard four-digit PIN, choose a longer, more secure password, Johnson says. For example, Consumer Reports recommends using at least eight characters, with a combo of letters, numbers and special symbols. Set your phone to lock automatically after sleeping for a certain time period – and don't make it long enough for a thief to go shopping. (However, if you have Touch ID on your device, you can bypass your password by touching your finger to the screen, according to Apple.)
- Don't neglect phone updates. Every time you get an alert telling you to update your phone's operating system or apps, do it, Siciliano says. The updates often fix security issues, so if you fail to update you're leaving your phone vulnerable to hackers, he says.
- Treat your phone like a card. Especially when you use a mobile wallet, treat your phone just like you would a credit or debit card. Don't leave it sitting out on the table at restaurants during your meal or leave it lying on your desk at work when you run to the bathroom or go out to lunch, Johnson says. Also, people should stop carrying their phones on belt holsters or in those baggy side pockets of cargo pants – an error he's guilty of from time to time, Johnson says. “Anybody could walk by and grab it,” he says.
- Consider antivirus protection. Users of Android phones, especially, should use an antivirus service for their phones just as they do for their computers, Siciliano says. The Android operating system has tens of thousands of viruses targeting it, while the Apple OS has just a handful, he says.
- Act quickly if you lose your phone. Having a find-my-phone app installed on your smartphone can help you find it quickly, according to Consumer Reports. If you're not sure where you left your phone, these apps will use GPS to help you zero in, provided the phone is turned on and has a cellular or Wi-Fi connection. Forgot to install an app? That's OK. Android users can use Google's Android Device Manager to try to locate the phone, while iPhone users who have the “Find my iPhone” feature set up on their device can simply log into iCloud and click on “Find my iPhone.” They then have the option of putting the phone in “lost mode,” which temporarily suspends Apple Pay, or of wiping the device totally clean.
- Check your accounts regularly. Look at your bank and credit cards accounts frequently, Siciliano says. And you might want to keep an especially close eye on any accounts you have linked to a mobile wallet. Siciliano recommends signing up with your bank or credit card company to get alerts any time a purchase is made. As always, report any fraudulent charges to your bank right away.
Eventually, consumers are likely to get more comfortable with mobile payment technology, Johnson says. “I absolutely think more people are going to start using mobile wallets,” he says. “They're just too convenient.”