Most mobile payment systems require that you link one or more of your existing financial accounts to the mobile payment system via a credit card, debit card, ATM card or even a direct link to your checking account. This allows the mobile payment system to apply the charges for purchases to your existing financial account immediately.
While this makes purchases much more convenient, is this really the best move for you financially?
If a mobile payment system is able to place charges onto your accounts immediately, you should have a few concerns:
- If a fraudulent charge occurs, how difficult is it to get the charge canceled?
- If a fraudulent charge occurs and money is taken from my account, how hard is it to get my money back?
- If a duplicate charge occurs, what is required to get the duplicate charge(s) removed?
- Can I set a maximum per-charge ceiling? Or a ceiling for charges on a daily, weekly or monthly basis?
- Does the mobile payment system have a per-charge transaction confirmation?
- Will the ease and convenience of mobile payments cause me to impulse spend? Can my finances handle that?
- If I decide to stop using the mobile payment system, how challenging is it to divorce my financial account from the payment system?
You need to investigate any mobile payment system prior to joining to obtain answers to these questions. If you are not satisfied with those answers, then don’t use that mobile payment system.
There are some mobile payment systems that do not link directly to your existing financial accounts; instead you deposit money into them, similar to a gift card. These types of payment systems are less likely to cause significant harm to your finances in the event of a security breach, especially if you only deposit a small amount of money into the account, which you can handle losing if things go wrong.
My caution here may seem overblown in light of the proclamations from various mobile payment system vendors who claim they have the best security. It is important to realize that not all mobile payment systems are using the same security, thus they cannot all be the best at securing your financial and personal information.
Since 2010, numerous mobile payment systems have been compromised or shown to have weaknesses. Some of these breaches only revealed the users’ names and contact information, while a few have revealed credit card and bank account numbers. When selecting a mobile payment system, be sure to review several options and look for information about recent hacks and updates. Just because a system was hacked in 2012, does not necessarily mean it has the same weaknesses today.
But it is your responsibility to make sound decisions when it comes to your finances. Don’t be uninformed. To find out about recent concerns, perform a few Internet searches using the phrase “mobile payment” along with one of the following: attacks, hacks, exploits, vulnerabilities, weaknesses, updates, security or patches.
Of the questions I suggested you ask, one of the most important is in regard to transaction confirmation. If a purchase is made without a confirmation process, then if your phone’s identity is compromised or someone is able to mimic you payment signals, a hacker could then use your digital wallet to make purchases. With a per-transaction confirmation, you would have the opportunity to block a purchase by denying any transaction that you are not actively participating in. A transaction confirmation could be some sort of instant on-screen prompt or take place via SMS messaging. For larger purchases a phone call or email-based confirmation might be available. Be sure to only use a mobile payment system with transaction confirmation.
Potential Apple Pay Risks
While not directly threatening your finances, it is important to realize that even the robust Apple Pay solution is not without problems. No compromise of existing accounts has yet occurred, however, thieves are using Apple Pay to help make transactions against stolen credit cards. This is not a flaw in Apple Pay itself, it is instead a symptom of the poor credit card transaction mechanism currently implemented by banks and the fact that most banks do not confirm that the user of a credit card in Apple Pay is the actual rightful owner of that card at the time the card is loaded into Apple Pay. (For more information on this concern, please visit: “Smart Mouse Traps and Lazy Mice”). There is a solution on the horizon for this issue; the use of chip and PIN credit cards is just beginning to roll out in the United States. Hopefully within three years or so, the majority of credit card issuers will have switched to this more secure system, as has the rest of the world.
Related Courses
Cybersecurity Foundations
Fundamentals of Information Systems Security