Today, smartphones are commonplace, and many people use their mobile as an alternative EFTPOS device. This raises the question of security. Do our mobile devices have the same protections that you would expect from the card issued to you by your bank?
Payments made via smartphone utilise a mobile wallet app. This app communicates with the POS terminal using contactless Near Field Communication (NFC) technology. NFC is based on close-proximity radio frequency identification. Data is sent from the mobile to the POS terminal and is encrypted using a tokenization method to replace sensitive data. This method means that seemingly random tokens are transmitted instead of the account holder’s actual information. The customer also authorizes the payment via PIN, facial recognition, or biometrics. This encrypted and authorized data then facilitates the transfer from the customer’s account to the vendor’s account.
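The token substitution described above, sketched as an added example (it is not code from this article or from any wallet vendor). The `TokenVault` class and its method names are hypothetical, the card number is a widely used test value, and the revoke step goes slightly beyond the text to show why a stolen token is worth less than a stolen card number.

```python
import secrets

def luhn_ok(number: str) -> bool:
    """Checksum used by payment card numbers."""
    total = 0
    for i, ch in enumerate(reversed(number)):
        d = int(ch)
        if i % 2 == 1:          # double every second digit from the right
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0

class TokenVault:
    """Hypothetical token service: the only place a token maps back to a card."""

    def __init__(self):
        self._token_to_pan = {}

    def tokenize(self, pan: str) -> str:
        if not (pan.isdigit() and luhn_ok(pan)):
            raise ValueError("not a valid card number")
        while True:
            # Random digits, not derived from the card number in any way.
            token = "".join(secrets.choice("0123456789") for _ in pan)
            if token != pan and token not in self._token_to_pan:
                self._token_to_pan[token] = pan
                return token

    def detokenize(self, token: str):
        return self._token_to_pan.get(token)   # None for unknown or revoked

    def revoke(self, token: str) -> None:
        self._token_to_pan.pop(token, None)

if __name__ == "__main__":
    vault = TokenVault()
    card = "4111111111111111"            # constructed input: common test number
    token = vault.tokenize(card)         # what the phone would send over NFC
    print("terminal sees:", token)
    print("vault resolves to card:", vault.detokenize(token) == card)
    vault.revoke(token)                  # e.g. the phone is lost
    print("after revoke:", vault.detokenize(token))
```

The terminal only ever handles the token; without access to the vault's mapping, the token alone does not reveal the card number.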
That all sounds fantastically secure and even worry-free; however, the true level of protection these methods provide depends entirely on a couple of important factors. Protecting your phone with a strong password is essential to safeguard the device and its transaction data. Using facial recognition, iris scan, or fingerprint unlock methods can offer greater security than passwords or PINs. A further best practice is to keep smartphones locked whenever they are not in use and to shorten the auto-lock time.
Using credit rather than debit card details for mobile payments is also advantageous if you need to recover money lost to an attack. Often banks have less stringent refund policies for their credit cards if the account holder is not at fault. With debit transactions, the burden lies with the account holder to prove the alleged loss is truly fraudulent. Recovery from a debit account is naturally also a lengthier process.
Avoid using public Wi-Fi. Instead, use a secure home, office or mobile service provider network when adding credit card information to the wallet app. In cases where using public Wi-Fi is unavoidable, turn on a VPN. Anti-virus software also adds another layer of security.
Updating the smartphone operating system to the latest version as soon as it is released by the vendor will provide protection from data breaches. Generally speaking, be cautious with the apps you download and install on your smartphone. Frequent monitoring of account transactions is recommended to identify any suspicious transactions, even if the mobile device is in your possession.
As many mobile payment options such as Apple Pay, Google Pay, Samsung Pay and Optus Pay are becoming available in Australia, it is important to remember that none are entirely secure or safe from theft. These technologies are ever-growing. New opportunities (a glitch or a hack) for attacks are always arising. Therefore, it is important to meet these threats by remaining on top of the equally growing improvements and safeguards that vendors provide.
Author: Srinivasan Raman – Senior MIS Technician