Mobile Payments 101
Did you know that now you can use a smartphone, tablet, or other mobile devices to pay for some purchases? Mobile payments are definitely convenient – no need to write a check or to pull out your wallet for cash or plastic, no need to type in your payment information to buy something online, but are they safe? This is always a good question to ask when you consider using any new technology. Because you usually carry your phone or other mobile device with you, it’s on most of the time, and it may contain very sensitive personal information, it’s especially important to keep it, and its contents, safe and secure, especially if you want to use it to make mobile payments or conduct other financial business.
What is a Mobile Payment?
It’s using your mobile phone or other mobile device, online or in person, to provide information electronically to make a payment. There are many different technologies and processes used to make mobile payments and new ones are always around the corner.
Common Types of Mobile Payments
- Near Field Communication (NFC) mobile wallet payment. NFC enables you to tap or wave your mobile device close to a “reader” next to a cash register or on a vending machine, turnstile, parking meter, etc. Your mobile device sends the account information that you are going to use for the payment through a radio signal with a short range of about four inches. The mobile wallet app stores your account number in a secure chip in the phone or in a secure file server linked to the mobile wallet app. Examples include Apple Pay and Google Android Pay.
- Mobile web payments (WAP). Use the web browser on your mobile device or a mobile app to make a purchase on the Internet and charge it to your credit, debit, prepaid or bank account.
- QR code (quick response) scans. Your mobile device produces a QR code on the screen to be scanned at the register. The QR code provides the link to the payment information. Usually you download a mobile app for the merchant (such as Starbucks) or a mobile wallet (such as LevelUp) that allows you to create the QR code on your mobile device.
- Mobile text payments (SMS). Send a code by text message to the seller using your mobile device to approve the payment. The purchase is charged to your wireless service bill or a pre-paid account held by the mobile operator. Personal information, such as payment account number, should not be sent via SMS.
- Direct mobile billing. Provide your mobile phone number as your account number to the merchant. The purchase is charged to your wireless service bill. These are normally low-dollar digital payments for items such as ring tones, screen savers, or apps, with most mobile operators establishing a transaction and consolidated dollar limit.
How you can make mobile payments depends on what your device is equipped to do and the service in which you have enrolled. For example, billing to your phone number may not require Internet access on your device, but most other types of mobile payments do. Your ability to make mobile payments also depends on whether the merchants are equipped to take them.
In most cases, the accounts that you use now to make payments will be same ones that you use to make mobile payments (for instance, your bank account or debit card, a credit card or a prepaid account). Some mobile payment systems even enable you to use gift cards and loyalty points to pay. And many of the same precautions that you take now to protect your privacy and security when you make payments apply to mobile payments.
Security and Mobile Payments
Smartphones and other mobile devices that can access the Internet are basically personal computers that you carry around with you. You can store your contacts, passwords and other personal information on these devices, so it’s important that you guard your mobile device as you would your checkbook or wallet. There are many things that you can do, and that industry is doing, to keep your personal information secure when you make mobile payments.
Security Features Built Into the Payment Process
In many cases, mobile payments may actually be safer than physical payments with cards or even cash. There are many security features built into both mobile devices and the mobile payment process to protect and encrypt your data to a degree that your actual wallet just can’t compete with. However, because there are different types of mobile payments and a multitude of mobile payment apps to choose from, there are some basic questions you should ask before using any mobile payment applications or wallets.
- What authentication credentials (i.e. password, PIN number, biometric, etc.) does the payment service require to make payments?
- Are your financial account numbers and other sensitive information stored on your device, or remotely and how are they secured? Are the payment account numbers tokenized?
- What account information is transmitted to make the payment?
- Is encryption used to protect your personal information in transmission and storage?
Most mobile payment services require a password or, PIN number to open the application. Don’t share this information with anyone who doesn’t have your permission to make payments using your accounts. Some mobile applications have added the option of using a biometric such as a fingerprint or facial scan to increase the level of protection against an unauthorized person making transactions. Others may email or text message confirmation of payments to double-check and ensure that they were legitimately made.
Your payment account information might be stored in a secure chip on your mobile device or on the server of the payment service itself. In some cases what’s stored on your device is not your actual account number but a substitute for it, either another account number or a “token” that represents your account. This adds another level of security, not only against intruders trying to get your account numbers but from data breaches at points along the payment chain, such as payment processors and retailers, because they only get the substitute numbers. As mobile payments evolve, so will these security features.
When account information is transmitted to make the payment, it is usually encrypted – turned into a code that can only be read by parties along the payment chain that need it and who have the “key” to unlock the code. Retailers and others are also using encryption and security tokens to make account numbers, passwords and other sensitive information that they store unusable if someone illegally accesses it.
There may be additional security features provided by the mobile device operating system, the mobile payment service, the payment provider (such as your payment card issuer) or the merchant.
Tips for Keeping Your Mobile Payments Secure
- Have your mobile device automatically lock when not used within a designated period of time.
- Keep your passwords and PIN numbers to yourself.
- Only download payment apps and other software from sources that you trust, such as your financial institution, a retailer that you do business with, or a trusted app store.
- Protect mobile devices that can access the Internet from hackers and malware by using security software and keeping it updated.
- Be extremely careful when you use free public WI-FI.
- NEVER jailbreak or disable the security features of your phone.
- Beware of messages from criminals pretending to be from your financial institution or someone else you trust asking for your account number or other personal information.
- If you receive an email unexpectedly asking you to click on a link or open an attachment, beware. If it’s from an unknown source, delete it; if it looks like it’s from someone you know, check with the person directly before you do anything.
- Never give access to your device to anyone who contacts you unexpectedly and only deal with tech support companies that you know or whose reputations you have checked out.
- Look for mobile devices and payment services that offer good security features.
Information provided by the Consumer Federation of America