Published April 13, 2011
When you whip out your smartphone to transfer money, deposit a check, or “tap” it on an electric reader to buy milk at your local 7-Eleven, do you ever wonder how secure it is?
The good news is, using your phone as a “mobile wallet” is largely considered safe. In fact, some experts argue the security of mobile payments is on par with online banking, with the added layer of password protection.
“Overall, consumers shouldn’t be any more nervous than they would be using their computers for banking,” says Avivah Litan, an analyst at IT research firm Gartner.
But that isn’t a license to throw caution to the wind. A February report by McAfee (which sells anti-virus software) found a whopping 20 million new pieces of “malware” — aka: malicious software — in 2010, a trend expected to surge in 2011 as cyber criminals catch up with the latest mobile technologies.
And with the value of mobile transactions expected to grow to $245 billion globally by 2014, according to Gartner estimates, plenty of money is at stake. Here are five security tips to consider:
Know what you’re doing: First of all, mobile banking and mobile payments aren’t the same thing. Mobile banking refers to checking account balances and transferring funds much like you would online. With mobile payment, however, you’re using a phone with Near Field Communication (NFC) technology, a chip that that allows you to swipe your phone at the point of sale (ie: McDonald’s or 7-Eleven) to deduct the money out of your bank account or charge your credit card.
A common misconception is that NFC sends all your personal information over the wireless network. Not so, says Forrester analyst Emmett Higdon. “It’s simply an exchange of credentials confirming that you are who you say you are and have the authority to make the transaction,” he explains. “It’s not like your payment details are going over Verizon’s network.”
What’s more, the chip can achieve things like “dynamic authorization” that actually make the transaction more secure than the mag stripe on your credit card, says Chris Cox, vice president of mobile solutions at FirstData.
Use a password — and make it a good one: A password is your first defense against hackers, so make sure all your mobile payment applications are protected by one. And steer clear of obvious passwords, such as your birth date or the word “password,” says Ken Lin, CEO of Credit Karma.
Lin’s favorite tip is to use a base password like “123″, proceeded by another word spelled backwards for each site or application you visit (for your Chase bank, for instance, you would use “esahc123″). The key is to switch it up consistently: “What happens is a site might get hacked, and if you use that same password for all your mobile payment systems, they’re all at risk,” says Lin.
Know your apps: Don’t assume that every app is safe. “It’s the software on your phone — that’s where the danger is, ” says Litan. “The easiest way criminals can target your phone is through a bad mobile app,” she says.
The problem is malware, which is designed to track your keystrokes or access your account information without your consent.
Before you download, verify that the app is legit through the company’s website — most financial institutions will link directly to their app from their web page. Or stick the the Apple app store, where apps go through a fairly rigorous vetting process before being offered to the public, Litan says.
Check your statements: It sounds obvious, but make it a habit to check your banking and credit card statements regularly and report any unusual activity.
You can choose which accounts to link to your phone, so you may decide to put all of your phone transactions on the same credit card. That would make them easier to track and would protect your checking account from accidental overdrafts or fraud, should your phone be stolen and used.
Have a backup plan: Think about your plan of action should your phone goes MIA. Do you have the phone numbers of your financial institutions on hand elsewhere? You’ll need to report the phone as missing to your credit card issuer and financial institution. Also, find out if you can “wipe” your phone of all sensitive data from your home computer; this will ensure that all personal banking information is taken off your handset. (Ask your telco for details if you’re unsure.)
For all the talk about mobile wallets, the fact is America is far behind places like Asia and Europe when it comes to making mobile payments. Of the 105 million mobile payment users in the world, only 3.5 million of them are in North America, Gartner research shows. Similarly, a 2010 survey by Forrester found that only 15% of U.S. mobile phone users are interested in making in-store payments with their phones.
Part of the reason is a strong payment infrastructure in the U.S., Litan says. “Everyone takes credit cards, everyone takes debit — we haven’t needed other forms of electronic payments.”
Still, Litan is confident that mobile wallets will only become more popular, especially with the younger generation: “I can tell you my 24-year-old son is always losing his wallet…but he never loses his phone.”