Data security

How to Prevent Mobile Payment Theft and Fraud

The mobile payment trend is on the rise, as more customers are using their smartphones to pay their bills and cover day-to-day expenses. Despite the fact more people are using the technology, an eDigitalResearch study of 2,006 consumers in April 2013, found that 52% of consumers have security concerns, and 40% believe mobile payments leave you more susceptible to fraud. However, mobile payments are safer than many realize and consumers can take action to further protect themselves.

How Mobile Payment Systems Technology Protects Consumers

Mobile point-of-sale (POS) systems that connect to a smartphone to allow small business owners to collect credit card payments using the same encryption traditional POS terminals that customers use in a retail store. This encryption, known as point-to-point encryption (P2PE) or end-to-end encryption, or E2EE, protects the information from the time it is swiped, all the way to the payment processor. Data intercepted through this process is completely useless to a hacker, because the encryption makes the original account information unrecognizable. No payment method, even cash, is fully secure but mobile credit card processing is as secure as any other payment method.

As mobile wallets become more popular, major banks including CitiBank and U.S. Bancorp, along with other members of the industry trade group The Clearing House, are working together to develop a system to increase their security. The idea behind the system is to put a wall between the customer's account information, the merchants, and other third parties. The system is collectively known as Secure Cloud, and aims to provide an extra layer of security to mobile wallets. The system, testing in late 2013, will work to prevent the financial information from leaking any further than the banking system.

The idea behind the technology is that instead of using the customer's financial data, the system will generate a "token" that is instead a randomly generated sequence of numbers. The token will be used to authorize the transaction when a mobile wallet is used for payment. Then the token is used to match the authorization to the account holder's original information to complete the transaction.

As technology continues to rapidly advance, visual scanning technology may be used to verify your identity. Visual scanning technology already in use by companies like Jumio and for identity verification is more secure than the security measures in place to protect today's e-commerce market.

Why Mobile Credit Card Processing is Safe

  • There is no need to read card information aloud. For years, customers have had the option to call and make a payment over the phone. If the customer is alone in the room, this could be safe. However, if anyone around is close enough to hear the information as it is announced over the phone, that person would then have everything they need to use the card. Keep in mind, the person on the other end of the phone typically reads the card number and other information back to the consumer, to review for accuracy. There are possibly other people who could hear and use the information from that end, as well.
  • Paper trail is eliminated. Gone are the days when John the tow truck driver has to ask for a customer's card information to write down on the receipt, so he has a copy for his records to take back to the office for processing. Now, the transaction is instant, and there's no need to worry about John losing that piece of paper somewhere between the customer's driveway and the shop.
  • Mobility increases safety. Mobile business owners are less susceptible to theft, simply because the thieves do not always know where the money is. In a traditional physical store location, the thieves know where to go and what time to do it. The lack of consistency for where and when transactions occur provides an additional layer of protection for both the consumer and the business owner.

What Consumers Can Do to Protect Themselves

Consumers worried about mobile payment security issues do not have to rely solely on the technology to keep them safe.

  • Keep the device protected with a PIN. This identification number must be entered on the screen to unlock the device for use. Some models even allow for a pattern to be traced on the screen using a finger. Even if the phone is lost or stolen, the thief would not be able to do anything with the device. Do not set the PIN to anything that is easy for someone to guess. Avoid using: birthdate, anniversary, banking PIN, or any part of the social security number.
  • Always download apps from trusted sources. Applications not listed in the device's respective app store are risky. Because Apple® and Google® have such high standards for their products, apps listed in those marketplaces must be approved. Third party apps don't necessarily have to live up to those standards and may put devices at risk. Most smartphones have the option to block installation of apps from untrusted sources. When not sure about the quality of an app, users should check the apps reviews for more information and to see what other users are experiencing. When in doubt, don't use an app.
  • Keep the phone's operating system up to date. Security updates happen whenever the operating system's security team finds and fixes a hole in the code. Keeping the phone up to date helps ensure the device is fully protected.
  • Only conduct transactions over a secure network. Though it may be tempting to shop while waiting at the doctor's office, save it for when the device is connected to a secure network at home. Don't do anything with financial information while connected to a public Wi-Fi hotspot. Hackers and identity thieves don't typically hang around hotspots to steal information, but the lack of encryption just means transferring personal information isn't a good idea.
  • Keep an eye out for HTTPS in the mobile web browser bar. This indicates the connection via the mobile web is secure. If this is not present in the mobile browser's address bar, the connection could cause personal information to be visible.
  • Use security apps on the device. Free security apps are available from the app marketplace to protect the device. In addition to virus scanning and protection, these apps allow consumers to login to a website from a computer to locate their phone. Apps are also available to back up the phone's data, and when the phone is lost or stolen, the owner can log into their account online to erase the phone's data, thereby eliminating the risk of fraud. Some apps even make it possible for the phone's camera to take a photo of any person who has a certain number of unsuccessful attempts to unlock the phone. The photo will be emailed to the account owner, along with the location of the phone to assist in recovery.
  • Resist the urge to jailbreak. Jailbreaking a mobile device voids the warranty with the manufacturer, because it allows third party applications to be installed. Though it may be tempting because of the "extra" features available, it also leaves the device more vulnerable to hacks.

Consumers should also make it a habit to watch their bank statements for irregular activity. Immediately report any unauthorized activity to the bank.

Identity Theft by the Numbers

According to a Javelin Strategy & Research study, 12 million Americans were victims of identity theft in 2012, a 13% increase from 2011. Though this seems alarming, instances of identity theft and credit card fraud are not typically tied to mobile payment transactions. While fraud most commonly comes as a result of a data breach or online fraud, more than 1.5 million cases of identity theft in 2012 were "familiar fraud" meaning the victim knew the person who stole their identity.

Major credit bureau Experian notes there are multiple ways credit thieves can access information—only one of which has anything to do with the Internet or a mobile phone. Identity thieves can access information through:

  • Finding a lost card before the bank cancels it.
  • Stealing from a mailbox.
  • Lurking over someone's shoulder as they handle a transaction.
  • Going through someone's trash.
  • Making a false telephone solicitation.
  • Looking through personnel records.
  • Sending an unsolicited email.

While identity theft is no doubt a problem in the United States, there is little information to support mobile payments as a source of information for thieves. There is a much greater likelihood the information is collected through other means.

While fraud and security are natural concerns associated with any new technology, the reality is credit and debit card fraud existed well before the development of mobile payment technology, and it will continue at least to some degree, until technological advances to further protect an individual's identity come into play.

Despite the fact some consumers worry about security, Forrester Research predicts that by the end of 2017, mobile users in the United States alone will spend $90 billion, up 48% from the $12.8 billion spent in 2012. Security issues may be a roadblock in the widespread use of mobile payments, but they are not stopping people from using them.

If you have any questions, please ask below!