How to be safe when making payments with your mobile
The popularity of electronic payments has been growing steadily in recent years.
According to a recent survey by the US Federal Reserve, in 2019 cash payments accounted for only 26% of all payments, while credit and debit cards and electronic payment methods were used for the remaining 64%.
Meanwhile, the COVID-19 pandemic has brought drastic changes in the way we shop: e-commerce is facing increasing demand because governments are restricting human interaction to limit the spread of the virus, but also because, while in quarantine, we do most of our shopping on the Internet.
And as we make more and more of our payments without cash, new mobile products and payment methods have been created. Apple Pay, Google Pay, PayPal, Venmo and WeChat Pay have emerged as the most popular mobile payment applications. However, mobile shopping can be risky.
Experts from ESET, the global cyber security company, show us some of the key dangers and ways in which we can be deceived and advise us on what we can do to protect ourselves.
One of the biggest risks you run is the loss of your device, because if you use mobile payment applications, some of your most sensitive data and transaction data are stored on it. If you do not lock your cell phone properly, criminals can charge your cards or use your apps to make purchases. In addition to ending up with either an empty bank account or overloaded cards, this can damage your creditworthiness, which can make it difficult to get a loan or mortgage in the future.
Smartphones, like other devices, can be infected by malware. Depending on the type of software, cybercriminals can carry out various types of malicious activities.
Keyloggers, for example, can record what you type on your mobile phone and transmit it to cybercriminals, allowing them to obtain the passwords or account credentials you use in payment applications. Cybercriminals can also develop fake applications disguised as something else to attack the payment applications you use. For example, ESET researchers have discovered a trojan disguised as a tool that improves the battery performance of a mobile phone, which targets users of the official PayPal application and tries to transfer 1,000 euros to the attacker's accounts.
Do not be deceived
Beyond stealing your smartphone or trying to infect it with malware, cybercriminals rely on other, more traditional means to lighten your wallet. These are based on cyber fraud.
For example, cybercriminals may pretend to be someone you may already know and ask you for help in dealing with an emergency. The scammer can also access your contact list and pretend to be someone to whom you have already sent money using a mobile payment application.
Cybercriminals can also resort to more common ways of cheating. They can use dating apps to build a relationship and then try to extract money from their victims, citing various reasons, such as that they urgently need money to pay for hospitalization.
Another popular tactic is scams through contests or prizes. Here the potential victims are informed that they have won a huge prize; however, to receive it they have to pay a transaction fee. Of course, they will never receive the "incredible" prize from the fantastic contest in which they never participated, and they will probably never receive the "receipt of payment" back.
There are also phishing attacks, where scammers impersonate the company behind the mobile payment app. Fake websites created by scammers try to trick victims into revealing their account password, so the scammers can empty the accounts or sell the logins to others.
How to protect yourself
The first line of defense to protect you and your money is to activate all the security measures offered by your mobile phone. These include activating a combination of biometric lock (face scan, retina scan, fingerprint scan) and lock code.
Once you do this, it is difficult for someone to break into your cell phone or use mobile payment applications. This is because every time you want to access them or make a transaction or buy something, the device will ask you to verify your identity. However, there is one thing to watch out for: depending on the country, payments up to a certain limit do not require verification of your personal information.
Also, both Android and Apple devices support "find my cell phone" features that allow you to remotely turn off your phone if it is lost or stolen, and may even allow you to delete data from a lost device remotely.
In addition, most payment applications allow you to enable additional security features, such as two-factor authentication, which you should enable immediately if you have not already done so.
You can also lock applications with additional security measures, such as biometric locks and passwords, and you can enable the same security measures for transactions. You should also enable transaction or payment notifications. Then, if suspicious activity occurs, you will be notified (almost) in real time.
To avoid malicious applications that target your wallet, it is essential that you always check what you are installing on your mobile phone so that you do not install a malicious application disguised as something else. A good rule of thumb is to also check application permissions.
Last but not least, consider using mobile security software such as ESET Internet Security to protect yourself from the majority of threats and stop malicious activity. An added advantage is that fully equipped security products have protection for banking and payment applications.
Tips from a malware analyst
Although the risks associated with using mobile payment applications are real, some of them are more secure than other electronic payment methods, according to Lukas Stefanko, a malware researcher at ESET.
"Using services like Apple Pay or Google Pay is a little more secure than using a credit card for contactless payment, because these two applications do not provide your credit card number to the merchant. Instead, they provide only virtual account names created for each payment," Stefanko informs us.