Understand Your Finances
Get smart about ways to protect your mobile payment security
Multi-factor authentication better protects against fraud, privacy breaches
The following article is part of "The Future of Money," a new series presented by Chase Pay® that explores how our relationship with money is evolving.
Rachel Walker uses mobile money on a regular basis. "It's mostly about convenience," the Boulder, Colorado-based writer says.
"Mobile payments make it easier to pay people and keep track of who has received payments," she says, adding that she feels largely confident in the technology and institutions behind the apps she uses.
While Walker is hardly alone, fears over potential security issues remain a hurdle for the next wave of adopters. A recent Federal Reserve survey found two-thirds of respondents haven't used mobile payments because of concerns about fraud, unauthorized use of credit cards and bank accounts and privacy breaches.
Mobile payments experts, however, insist technology advancements and a bit of consumer common sense can make such tools safer, opening up a new world of convenience and buying power for users.
Here's what you need to know.
Bryan Orme, principal at GuidePoint Security, a Virginia-based cyber security company, notes that whether you're using a plastic card, an app on your phone or even cash, risks exist within all payments forms.
"I think there's always a fear of new technology," he says, "but mobile payment technology has inherent safeguards built in."
In the world of mobile payments, technology plays a key role in not only making the act of paying via your smartphone possible, but also safeguarding your personal financial information. Technologies that every savvy consumer should be familiar with include:
Many mobile payment applications rely on the tokenization of your credit card information. It works like this: You enter your credit card number into your mobile payment app. However, when you use the app, it creates a token—a random selection of letters and numbers—that replaces your actual credit card number. That's what's used to facilitate the transaction, ensure card numbers are not shared with merchants, and make it as secure as possible to pay with your phone.
"If someone stole your phone or intercepted the payment, they might be able to intercept that token, but they wouldn't be able to replicate your card number," Orme says.
Most of us are terrible at creating secure passwords, and this is where multi-factor authentication comes in.
"It's orders of magnitude more secure than a traditional password," Orme says. Essentially, this is an added layer of security that requires consumers to provide multiple forms of identification, such as a password and pin code or security token sent to your phone, perhaps, or even answers to a series of additional security questions—to access an account, or use a mobile payment app.
Thumbprints, iris or facial scans and voice recognition are also becoming a more common component of multi-factor user authentication.
"While security researchers have been able to find vulnerabilities that can defeat biometrics in some cases, these controls add a significant additional amount of security beyond passwords," Orme says.
Further on the horizon: Technology companies are beginning to explore biometric behavioral scans—the ability for a device to recognize users based on actions such as the speed they scroll at or what they do after they login.
As technology continues to advance, consumers can also take measures to ensure that their mobile payments remain secure. "It's a shared responsibility," Orme says. "The application providers need to provide secure infrastructure and mechanisms for making payments, then consumers need to take responsibility for their own devices."
What does that entail for users? Here are a few simple steps you can take to protect your mobile money:
- Enable the lost and stolen features on your phone. These typically disable the device once it has gone missing, preventing thieves from using your phone to make purchases.
- Turn on multi-factor authentication. Take advantage of the added layer of security, whether it's a fingerprint, pin or additional questions.
- Stick with reputable financial institutions and vendors. Investigate the security measures that a mobile payment app has in place before you use it.
Kelly Kearsley is a Chase News contributor. Her work has appeared in The Wall Street Journal, CNN Money, Money Magazine and Runner's World.