Airzero Sec


Security in Mobile Payment

- Posted in Mobile App Security by

The term ‘mobile payments’ refers simply to all payments that are made using your mobile device. Do you find it convenient to shop and bank online using mobile payment apps? Most would have ‘yes’ as an answer. But are we letting ‘convenience’ overshadow ‘security’? An attacker can easily get hold of your personal and banking information if the app or the mobile site you are using is compromised. The chance of this happening increases significantly if your mobile device itself is infected. Mobile payments include the use of mobile wallets and mobile money transfers. There are two types of mobile payments: online or in-app purchases, and using a POS terminal in a bricks-and-mortar store. Here are some of the biggest mobile payment security risks, and steps you can take to protect yourself.

Losing your phone is like losing your credit card

Your smartphone is a small, slippery object that provides a huge window into your personal life. It contains the names and contact information of every key acquaintance in your life, your personal photo collection and social media apps. It also can provide access to credit and bank accounts via a mobile wallet and payment apps.

Most smartphones contain built-in protections that can prevent a phone thief from using your mobile wallet to rack up fraudulent charges. The best way to keep a thief out of your phone is to require two-factor authentication to unlock it – ideally, a PIN combined with a biometric method such as your fingerprint, facial recognition or an iris scan.

Weak Passwords

Being hacked due to weak or overused passwords is one of the oldest forms of hacking. Even the strongest form of password hashing, used by corporate security firms, can fail against cyber criminals’ cracking tools.

It may sound obvious, but don’t use the same password for everything, and try to change them once a month. Look into using a password manager such as LastPass. These online password resources will generate strong passwords using a combination of numbers, letters and special characters, and store them all in an encrypted vault.

Cyberthieves can ‘spoof’ your mobile wallet

When you add a credit or debit card to your mobile wallet, the card number is stored securely via encryption, which disguises it with a code created by an algorithm. Additionally, the major mobile wallet providers use randomly generated payment tokens to ensure your card information is not seen by merchants or even the wallet providers when you make purchases.

Load your cards into your mobile wallet while at home, using your own password-protected Wi-Fi network. If you need to manage your mobile wallet while away from your home, consider setting up a personal virtual private network (VPN) for your phone.

Using Public Wifi

Some of the most popular ways hackers can compromise public wifi are by creating fake connections and sidejacking. Fake connections are created by setting up an access point (AP), which can be done using any form of device with internet access, with the same name as a legitimate connection. Hackers then intercept any data in transit, such as a bank transfer or online payment.
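The fake-connection problem described above can be checked for from the defender's side. The following is an added example, not part of the original article: a heuristic that looks through Wi-Fi scan results for a network name advertised with inconsistent security settings, or by an access point that is not on a list the user has verified. The scan data, the `KNOWN_BSSIDS` allowlist and the function name are constructed assumptions.

```python
from collections import defaultdict

# Constructed scan results (SSID, BSSID, security); not real networks.
SCAN = [
    ("CoffeeShop-Guest", "aa:bb:cc:00:00:01", "WPA2"),
    ("CoffeeShop-Guest", "aa:bb:cc:00:00:02", "WPA2"),
    ("CoffeeShop-Guest", "de:ad:be:ef:00:99", "OPEN"),
    ("HomeNet",          "11:22:33:44:55:66", "WPA2"),
    ("HomeNet",          "66:55:44:33:22:11", "WPA2"),
    ("Airport-Free",     "77:88:99:00:00:01", "OPEN"),
]

# Access points the user has verified for a network (assumed allowlist).
KNOWN_BSSIDS = {"HomeNet": {"11:22:33:44:55:66"}}


def suspicious_networks(scan, known):
    """Return {ssid: [reasons]} for names that look like they are being imitated."""
    by_ssid = defaultdict(list)
    for ssid, bssid, security in scan:
        by_ssid[ssid].append((bssid.lower(), security.upper()))

    findings = {}
    for ssid, aps in by_ssid.items():
        reasons = []
        # One name offered both encrypted and open: a legitimate deployment
        # normally uses the same security mode on every access point.
        if len({security for _, security in aps}) > 1:
            reasons.append("mixed-security")
        # A trusted name announced by hardware that was never verified.
        if ssid in known:
            unknown = sorted(b for b, _ in aps if b not in known[ssid])
            if unknown:
                reasons.append("unknown-bssid:" + ",".join(unknown))
        if reasons:
            findings[ssid] = reasons
    return findings


if __name__ == "__main__":
    for name, why in suspicious_networks(SCAN, KNOWN_BSSIDS).items():
        print(name, why)
```

A clean result is not proof of safety: a fake access point that copies the security mode of a network with no allowlist entry passes this check, which is why the advice on not sending payment data over public Wi-Fi still applies.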

Using a VPN (Virtual Private Network) is one of the most secure forms of protection against hacking. A VPN establishes a level of encryption between your device and the website you’re browsing, so any data transmitted is unreadable without the unique decryption key. Be careful when choosing a VPN, as even these can be compromised or faked.

Your phone can become infected with malware

Cyber criminals use malware to remotely commandeer computers, smartphones and other devices or steal users’ passwords and other private information. Malware infection typically results from an unwitting user clicking on a sketchy ad or a phony link sent by a malicious third party. Computers are generally more vulnerable than cellphones, but mobile malware is a growing threat.

A bank or card issuer can employ security features on its own payment or banking app, but it can’t control the security features of third-party browsers where many customers manage their online accounts.

Nevertheless, avoid clicking on links included in suspicious ads, email or text messages from unfamiliar sources. And Clyde recommends installing anti-virus software on your phone as an extra safeguard.

Human Error

Human error or carelessness has been cited as the number one contributor to security breaches. Hackers rely on human error when planning some form of cyber attack, as they count on users to click on insecure links, open emails containing security threats and accidentally download malware.

When it comes to protecting yourself against phishing, malware, and identity fraud, it almost always comes down to using common sense. As mentioned above, don’t click on any links in emails from unknown senders or sources, and be vigilant with your passwords and how you store them. If you want to start using a mobile wallet, load your cards into your phone at home using your own private wifi. As this is password protected, it is much safer than doing this at work or in public.

So, to help you avoid such a disaster, here are 9 safety steps for making secure mobile payments.

  1. Download mobile payment apps only from official stores such as Google Play and Apple Store.

  2. Before you download any app, verify the publisher. The ‘Top Developer’ badge (in Google Play) is usually a good sign that the app is safe. Read its user reviews and just Google “Is (app name) safe?”.

  3. Carefully read the permissions that the app asks for. If you think a mobile payment app is asking for more than what is required, do not install it. If you have any doubts regarding the permissions, just contact the app’s manufacturer via their Twitter handle.

  4. Never visit an online banking or shopping website by clicking on a link received in an email or text message.

  5. Always choose a strong password for accounts for net banking or online payment apps. It should be a mix of uppercase and lowercase letters and special characters.

  6. Do not use unsecured, public Wi-Fi networks for online banking or shopping. Doing so may let an attacker steal your information.

  7. Only use established and well-known websites for online shopping and paying for utilities.

  8. Ensure your banking transactions are OTP (one time password) enabled. While paying for a purchase through net banking or a debit/credit card, you will enter your login ID and password (or card details) and also an OTP (code sent to your registered mobile number) before you can make the final payment. So, even if an attacker manages to steal your net banking/card details, payment won’t go through without the OTP.

  9. Install a mobile security app that is built with multiple layers of security. The Quick Heal Total Security App comes with SafePe besides other advanced features. SafePe is especially designed to secure your financial information when you use mobile payment apps for online shopping, banking, paying bills, etc.
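
Step 8 says that stolen login or card details are not enough without the OTP. The following is an added example, not part of the original article and not any bank's actual code: a sketch of the server-side check that makes this true, with the code bound to one transaction, valid for a short time, usable once, and locked after a few wrong guesses. The class and function names, the 5-minute lifetime and the 3-attempt limit are assumptions.

```python
import hmac
import secrets
import time

OTP_TTL_SECONDS = 300  # assumed validity window
MAX_ATTEMPTS = 3       # assumed number of tries before the code is discarded


class OtpGate:
    """Issues one OTP per pending payment and accepts it exactly once."""

    def __init__(self, clock=time.time):
        self._clock = clock
        self._pending = {}  # txn_id -> [otp, expires_at, attempts_left]

    def issue(self, txn_id):
        # secrets (not random) so the six digits cannot be predicted.
        otp = f"{secrets.randbelow(10**6):06d}"
        self._pending[txn_id] = [otp, self._clock() + OTP_TTL_SECONDS, MAX_ATTEMPTS]
        return otp  # a real service sends this to the registered mobile number

    def verify(self, txn_id, submitted):
        entry = self._pending.get(txn_id)
        if entry is None:
            return "unknown-or-used"
        otp, expires_at, _ = entry
        if self._clock() > expires_at:
            del self._pending[txn_id]
            return "expired"
        # Constant-time comparison on bytes avoids leaking digits via timing.
        if hmac.compare_digest(otp.encode(), str(submitted).encode()):
            del self._pending[txn_id]  # single use: a replayed code finds nothing
            return "approved"
        entry[2] -= 1
        if entry[2] == 0:
            del self._pending[txn_id]  # stops online guessing of a 6-digit code
            return "locked"
        return "wrong-otp"


def authorize_payment(gate, txn_id, credentials_ok, submitted_otp):
    """The payment goes through only when both factors check out."""
    if not credentials_ok:
        return "bad-credentials"
    return gate.verify(txn_id, submitted_otp)
```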


Mobile payment security concerns are still at large amongst businesses and consumers alike. However, with the correct education and proper training, mobile payments could see dramatic current and future growth opportunities. Retailers could finally, collectively, see the huge benefits of going cardless, cashless and paperless, if only to reduce queues at the counter.