Mobile payment apps don’t deliver the security that you ordered


Written by:

With more of our lives moving to mobile, and concerns about identity theft after data breaches in recent years at companies such as Target and Chase, consumers are looking for simpler yet more secure ways to pay. Enter the age of mobile payment apps.

While Apple Pay, Android Pay (formerly Google Wallet) and Samsung Pay may be the most well-known mobile payment apps, they are certainly not the only ones. Starbucks, Walmart and PayPal’s peer-to-peer payment app Venmo are some other players in the mobile payment scene. Apple CEO Tim Cook declared 2015 “The Year of Apple Pay,” and Venmo has seen increased use among millennials over the past couple of years.

But a November 2015 report by Bluebox Security revealed that many popular mobile payment apps were not so secure. They predicted that these mobile payment apps would have more security than other apps, but they found the opposite to be true.

Additionally,  iOS and Android users have essentially the same risk because the apps themselves didn’t take enough time to develop their safety features and encryption before release. Security experts who chose to comment on the report said that app developers should spend a little less time making the design so fancy and a little more time trying to create a fortress of safety for their users before releasing the app; the notion that we’ll figure it out later isn’t going to cut it anymore. While Bluebox Security chose not to release the specific names of the tested apps, they took the results as an opportunity to warn users to be careful with all mobile payment apps.

In May of 2015, Starbucks’ mobile app was supposedly hacked, although Starbucks officially denied these claims. That kind of attack may have spelled disaster for Starbucks, as the app accounts for 15% of all customer purchases and most loyal rewards members prefer to use the app for payment.

Venmo, on the other hand, has several reports of fraud and poses a great risk to customers, as users can link their credit card, debit card, or bank information to their profile and are not notified when their password or email address changes. This makes it easy for attackers to get the information they want and remain undetected. And with few customer service representatives relative to their user base, Venmo is having a hard time keeping up with the trouble.

But even with the adoption of EMV technology (i.e. chip and PIN) for credit and debit cards in the past year across the United States, security experts are warning that our favorite pieces of plastic still aren’t so safe.

According to an article by eSecurity Planet with comments by security consultant Bob Doyle, “Apple’s system is a clear enhancement over chip-and-PIN.” Doyle said that Apple does have some weaknesses, including its Touch ID verification system and the potential for bugs that allow hacking–although all mobile apps are subject to this risk.

While 2015 wasn’t exactly The Year of Apple Pay, many people still enjoy using mobile payment apps due to the ease of use. Mental note to mobile payment app developers: Time to proactively beef up security and keep customers safe.

Even if you are an Apple Pay, Android Pay or Samsung Pay user, those options are not currently accepted everywhere and are not available for many online purchases. If you want to pay securely in online marketplaces, a great and secure option is Masked Cards. You can even use Masked Cards on your mobile devices. Masked Cards allow you to enter a false name, phone number and Abine’s billing address in combination with a one-time credit card number to help keep your private information off the Internet and to protect your privacy.

One thing to keep in mind is that mobile payments are still relatively new technology, and even though many apps haven’t encountered public problems yet it can take some time before bugs and security risks are found. In this data-obsessed world, it is important to be vigilant and remain curious about any company that asks for your personal information, even if they are promising to keep you safe.

Leave a Reply