The ease of using mobile payment apps like
Venmo and Square Cash has made carrying cash a choice, rather than a
necessity. But as convenient as they may be, there are risks involved
with giving third-party apps like these full access to your digital
wallet.
Each of these apps has already been
proven susceptible to fraudsters. Ever wonder what happened to all that
user information that was stolen in those giant data breaches at Target
and Home Depot last year? A new report shows that hackers used some of them to find a clever way
around Apple Pay’s fingerprint-protected system. They simply used the
stolen identities and credit card numbers to set up entirely new iPhone
and Apple Pay accounts and then purchased expensive products, mostly
from the Apple store.
And last week, Venmo’s chief security officer apologized
to customers for the PayPal-owned company’s lackluster efforts to
respond to customer complaints about fraudulent transactions. The letter
was in response to a report
on Slate.com in which a Venmo customer claimed someone hacked his
account and was able to transfer $2,850 from his bank account. While his
bank, Chase, quickly refunded his money, he waited nearly two days for a
response from Venmo’s support team. Even CurrentC, the mobile payments
startup backed by a consortium of big retailers, had to alert beta users that some of their email addresses had been accessed by hackers last fall.
“I
grew up in an era 20 years ago when you handed people checks, which had
your bank account number, your name, phone number, even Social Security
number on it sometimes,” says Jim Bruene, founder of Finovate, an
international financial and banking technology conference. “E-payments
solved that problem, but they have created new ones along the way. It’s
this constant battle between making new improvements to security and
crooks catching up to them.”
A weary
consumer could look at headlines like these and swear off mobile payment
apps for good. But let’s face it: Even before teenagers were splitting
dinner bills on their smartphones, there never really has been a 100%
risk-free way to manage cash.
“There are
always going to be growing pains with these new apps,” says Shaun
Murphy, a former Department of Defense communication systems and
security expert, who co-founded data security firm Private Giant in
2012. “As consumers, we want things to work right away... but there are
[vulnerabilities] that you don’t necessarily know about until after a
product launches.”
These newer free money transfer apps are meant to make it easy to send a friend that $30 you owe her for dinner last night. You connect the app to your bank account, debit card or credit card account, and send the money to the recipient. They’re a nice alternative to traditional money transfer tools offered by banks like Chase, Wells Fargo and Bank of America, which only allow instant transfers if both parties are account holders at the same bank. Otherwise, transfers can take a few days to process.
These newer free money transfer apps are meant to make it easy to send a friend that $30 you owe her for dinner last night. You connect the app to your bank account, debit card or credit card account, and send the money to the recipient. They’re a nice alternative to traditional money transfer tools offered by banks like Chase, Wells Fargo and Bank of America, which only allow instant transfers if both parties are account holders at the same bank. Otherwise, transfers can take a few days to process.
There
are basic ways to add extra layers of protection to your financial
information when using mobile payment apps. We asked Murphy for a few
guiding principles.
Sign up for two-factor authentication, if the app offers it. Two-factor
authentication requires the user to log in to the app with their
password and then enter a unique code sent via text message to their
mobile phone. Unfortunately, this extra step kind of ruins the whole
“super easy and convenient” factor that makes payment apps so appealing.
Neither Venmo nor Square Cash offer two-factor authentication, but
given the current scrutiny over their security practices, this is a
feature that might be added in the future. Google Wallet
does ask users to verify their identity by punching in a code sent to
their mobile device the first time they transfer money and anytime they
sign into the service from a new device.
Only purchase apps from official app stores. It’s
common for fraudsters to create fake apps that look legit and market
them on the web in emails or social media. Don’t download any apps
unless you’re shopping in an official store, like the iTunes or Google
Play stores. Android users are particularly vulnerable to these kinds of scams, Murphy says.
Secure the device itself. No
matter how secure your apps are, it means nothing if a thief can access
your device. At the very least, set up a PIN and for another layer of
security, record your fingerprint if you have an iPhone. Murphy also
suggests checking your phone’s privacy settings to ensure that all the
stored information is encrypted by default.
Link apps to your credit card accounts rather than to debit card and bank accounts.
Credit card users almost always have zero fraud liability, which means
any funds you lose through fraudulent activity will be returned to you.
It’s a lot worse if your bank account is hacked, since you may need that
cash for immediate expenses like rent or bills and could wind up in
trouble if you have to wait for a refund.
Use a trusted Internet connection:
It might be time to invest in a bigger data plan, especially if you
often find yourself using your phone’s Internet connection on the go.
Relying on public wi-fi hotspots can put you directly in harm’s way, as
this is a popular hunting ground for “middle man” attacks, which is when
hackers intercept your information while you’re logged into public
networks. Murphy suggests turning off wi-fi when you’re not near a
trusted connection, like at the airport or a coffee shop.
Bonus tips:
Ask for alerts when any transactions or account changes are made. Not
all apps automatically send you alerts when you’ve sent or received a
payment, so it’s important to adjust your settings to make sure alerts
are activated. For
example, you need to visit your settings tab in Venmo to turn on
transaction notifications. You can also tell Venmo to set a lower limit
for money transfers (currently, all Venmo transfers are capped at
$2,900, although we’d recommend setting your limit much lower). Some
banks and credit card companies also allow you to set up alerts for
large transactions. Most apps send transaction notifications via text,
email or push notification.
Make sure you’re transferring money to the right person. A 2014 MIT study
found one major flaw in the way Venmo works: Because people select
recipients of money transfers by selecting their username from a list of
“friends,” it’s possible that hackers could trick them into sending
money to the wrong people by simply mimicking the handles of their
existing contacts. These so-called “social engineering”
scams are the same kinds of maneuvers at play when you receive an email
that appears legitimate -- say, from your cellphone provider -- telling
you your account has been locked and you need to email your account
information immediately to rectify matters. The best way to prevent
situations like these, especially on money transfer apps, is to
double-check the username with the friend you intend to pay and follow
up to make sure they received the transfer, Murphy says. If they
haven’t, report it to the app’s customer service department, stat.
Culled from Yahoo Finance
No comments:
Post a Comment