Is Your Mobile Wallet Secure?
Paying by smartphone is the next big thing, but make sure your money and your data stay safe
Why use cash when you can pay for products or services with your smartphone? The so-called mobile wallet is already popular among young Americans, including people with low incomes who don’t have a bank account. The technology is also on the rise in developing countries, where cash is often scarce and the risk of theft is real.
There’s debate about just what a mobile wallet is, but an article in Business News Daily sums it up nicely: A mobile wallet is anything that lets you use technology you already own, such as your smartphone, to make in-store payments without having to use a credit or debit card. (Some mobile wallets, such as Apple Pay, work only with certain devices.)
Mobile wallets let you pay for things and also receive
offers of shopper rewards and discounts in real-time. The "wallets" can store your loyalty cards, coupons and the concert tickets you bought. Some, like PAYTOO Mobile Wallet, let users deposit their paychecks, pay bills and transfer money as well. "Our goal is to give the unbanked
consumer back his purchasing power," says PAYTOO CEO Michel Poignant.
Many “wallets” use a phone's Near-Field Communications (NFC) chip to interact with payment terminals. The chip's signal transmits only a few centimeters, making it all but impossible for someone to hack your data at the point of sale.
“It’s a common misperception that your payment actually travels over the mobile network,” says UL’s Maarten Bron, director of innovations in the transaction security division. “When you use your phone to make a payment, it’s a closed-loop system. The payment information transmits through a barcode straight from the retailer to your smartphone. It doesn’t involve the Wi-Fi or mobile network at the point of purchase.”
So what’s not to like? To begin with, not all stores have technology compatible with most mobile wallets. And as with most innovations, there are some potential downsides. In the United States, organizations such as the Federal Trade Commission (FTC) and UL warn these mobile technologies have hidden costs and risks. Here are their top concerns.
Lots of people knowing too much about you. Everyone
from advertisers, loyalty program employees and retailers to app developers can
use mobile shopping data to build a consumer profile of you, including details
of what you buy and where you shop, according to the FTC, which says the
potential loss of privacy is unprecedented. Marketers won’t necessarily know
who you are, but they can recognize you and your buying habits.
Lack of the
protections credit and debit cards offer. The FTC notes consumers who buy prepaid accounts, reloadable cards or
gift cards with a mobile wallet don’t have the federal protections that cover
credit and debit cards, which limit a shopper’s liability for fraud or
unauthorized charges. Some retailers have voluntarily agreed to limit liability
to $50, but this is not a requirement. Regulation is lagging on consumer
Potential abuse of consumer data. As mobile services grow, so does the potential for new companies “to violate traditional laws governing collection and use of consumer data,” according to the FTC, which has already taken action against a number of mobile payment systems. The FTC notes that data brokers may use "potentially sensitive information" to group consumers into data segments and sell that information to interested parties.
To help protect yourself when using a mobile wallet, the FTC recommends making sure an app offers consumer privacy guarantees before buying it. In addition, UL recommends you take the following steps.
- Stay up to date. Make sure you have the latest operating system on your phone, upgrade apps as soon as updates become available, and keep up-to-date antivirus software on your smartphone and other mobile devices.
- Protect yourself online. If you're using a system such as PayPal (which CNET classifies as a mobile wallet) to shop online, beware of websites that look unprofessional (say, with a lot of grammar and spelling mistakes) or that immediately redirect you to a site asking for personal information. Use a protected connection. (Depending on the browser you’re using, look for the padlock icon next to the Web address, or look for "https" in the URL.)
- Use a strong password on your smartphone — the single best defense to protecting your digital identity. Many modern smartphones have a fingerprint reader for added security.
- Look for two-factor authentication when choosing apps. An example is a password plus a fingerprint scanner.
- Talk to your bank. See whether it provides a mobile wallet app. Banks don’t need to gather consumer shopping information.
- Don’t overspend. Because it's easy to pay with a mobile wallet app.