Imagine driving up to your favorite drive-through. After ordering, you pull up to the payment window and hand over your card. The cashier apologetically says the card reader isn’t working correctly and walks away. You think nothing of it until you later find a massive charge that you didn’t make. That’s what happened in September to 21 people at a McDonald’s drive-through in Indiana. The 17-year-old cashier took pictures of their cards to make Amazon purchases. Credit card fraud happens every day, and there’s a good chance something similar has happened to you or someone you know.
Because of stories like this and the convenience of one-touch digital transactions, people are switching to mobile payment options like Apple Pay, Google Wallet, and Android Pay. Consumers appreciate not having to repeatedly fill out payment forms online or share their physical card information. These applications keep cards digitally organized in a single private location and allow quick access to encrypted financial data for payment transactions.
How Do Mobile Payments Work?
To pay with a mobile phone, you hover it over the card reader and follow the prompts using a pre-registered profile of your credit card or bank account. The big difference between this digital process and a physical card exchange lies in what’s shared with the merchant. Cards and checks contain static data, allowing anyone with access to take advantage of your finances. For example, if a waiter takes your card, he has access to your full name, the card number, expiration date, and verification number on the back of a card. Virtual payment hides those numbers and generates temporary information for each transaction, keeping your information more secure.
Mobile payment providers go to great lengths to ensure the protection of your card and account numbers. For example, with Apple Pay, none of your information is stored on the phone; tokenization is used instead. Tokenization generates one-time-use codes for each transaction in place of your standard information. For even greater security, Apple Pay also requires your fingerprint for all transactions.
Is Adding a Card to a Mobile Payment App Too Easy?
As secure as many virtual payment apps may be, you shouldn’t stop looking out for fraudulent activity. In an article in the New York Times, Apple shared that fraud comes not through using Apple Pay but from stolen credit cards being logged into the application. Not all banks have a strong enough authentication system to verify the card owner is actually entering this information. Thus, stolen cards are easily approved because minimal information is required. Banks want to make it easy for consumers to verify their identities, so they’ll be more inclined to spend money with their cards.
To make matters worse, if someone obtains your card number without the three-digit Card Verification Value (CVV), there are programs that can quickly attempt the 1000 different combinations to come up with the code. Samsung Pay and Google Wallet implement rate limiting, a safety mechanism that “stops hackers [from] making as many guesses as they need at certain data they might be missing.” Apple Pay currently does not have this security feature, allowing a CVV code to be guessed in seconds.
Mobile transactions have obvious benefits. They can be faster, more organized, and safer than a plastic card by hiding the data that a criminal might steal. However, the system supporting them is still a work in progress, and identity thieves are using this to their advantage. The New York Times says, “An industry consultant, Cherian Abraham, put the fraud rate at 6 percent, compared with a traditional credit card fraud rate that is relatively minuscule, 10 cents for every $100 spent.”
While banks and developers work to devise stronger methods of authentication, stay vigilant by securing your phone with a strong PIN code and by regularly checking your statements. The list of merchants accepting mobile payments continues to grow, and these apps can be a secure option for anyone wanting to reduce the risk of identity theft.
Anderson Technologies is a St. Louis IT company with services ranging from system and network administration to custom software engineering solutions.