Today’s world is one featuring numerous ways to pay for, well, anything. The latest offerings are in mobile form, but just how safe are mobile payment apps? Apple Pay, Google Wallet, Kash, Paypal, Square, Levelup—these products make paying as easy as taking out your phone, but are they vulnerable to hackers? Are the companies behind these oh-so-convenient apps doing everything they can to keep user information safe?
These questions and others are being asked in a new report by advocacy group, The Clearing House. The report, entitled Ensuring Consistent Consumer Protection for Data Security: Major Banks vs. Alternative Payment Providers, argues that payment app developers aren’t subject to the same regulatory oversight banks get regarding cyber security. The result is security flaws remaining under the proverbial radar until it’s too late and a breach occurs. Clearing House is owned by the world’s largest commercial banks.
Gary Miliefsky is the CEO of SnoopWall, a company that specializes in cyber security. He says that the report highlights real cyber security concerns.
“These alternative-payment methods certainly are providing something that consumers want, which is a convenient way to make payments,” Miliefsky says. “But I don’t think most of those consumers would be too thrilled to know that these companies might not be subject to the same demanding data-security requirements their banks deal with.”
Security Breaches
Starbucks is one company that has already made headlines for its mobile payment app issues. The app is a favorite way for coffee drinkers to pay, however in May reports suggested it had been hacked. Experts believe the Starbucks app was targeted because it stores credit card information. For its part, Starbucks denied the app was hacked.
"When it comes to reporting on breaches involving customer accounts at major brands, the news media overall deserves an F-minus,” cyber security expert Brian Krebs said at the time in defense of the coffee juggernaut.
It should be noted that mobile payment options are still in their “infancy,” and that phones themselves are easy enough to hack through apps, wireless signals, and by simply picking the device up and going through it. Using a system that requires two-factor authentication is recommended, as is using completely unique passwords for each account. Mobile payment apps will certainly improve, and in the meantime it’s important to do what you can to preserve the security of your phone and all the accounts it features.