Mobile Payments Taking Off: Mobile Security Tips to Stay Safe

For those of us on-the-go, mobile phones have already replaced a lot of other devices. It’s a computer, a camera, a music player, a GPS, a thermometer, a tape recorder, a calculator, a compass, an address book and a clock, just to name a few. Now the mobile phone is about to replace another essential tool in our daily lives: our credit card.

According to a recent article in The New York Times “a number of big and small companies — including eBay’s PayPal unit, Intuit, VeriFone and Square — are creating innovative ways for individuals to avoid cash and checks and settle all debts, public and private, using their cellphones.”

Now instead of throwing down multiple credit cards after a nice dinner, friends are bumping Blackberries to settle the bill. It’s very cool, but it does beg the question – what about security of these transactions? Physical credit cards are burdened by a tremendous amount of theft and fraud; however this theft and fraud is a well understood problem: banks have sophisticated fraud detection systems, fraudulent merchants lose their ability to accept credit cards, and people know to report lost or stolen cards immediately.

Mobile payments have an opportunity to be an efficient and convenient way to make purchases; however, we’ll need to learn lessons not only from physical payment cards and from PC-based payments, but we’ll also need to look at the unique security threats on mobile devices. With millions of transactions streaming across phones every day, mobile payments seem to be an obvious next target for criminal hackers trying to make money from stealing identities and emptying out unsuspecting bank accounts.

So, what’s the answer to securing mobile payments? While this is almost certainly a question that will only be answered as threats evolve, there are measures you can take to protect yourself now.

Tips on How to Protect Yourself When Using Mobile Payments

Most importantly, practice common sense.  Here are a few quick tips on how you can protect yourself:

1. Use care when logging in to payment services from your phone.

Just as you need to be careful when you give your credit card number to someone, be careful where you enter your login information. “Phishing” attacks have already been seen in the wild targeting mobile banking users, trying to fool people into giving up their login information.  Never enter your login on a website or in a mobile application that doesn’t come directly from a trusted company.

2. Set a strong password.

Be sure to use a strong password that you don’t use anywhere else for any payment services.

3. Download applications from trusted sources.

A piece of malware on your phone can do a lot of nasty things, so it’s important to be careful when you download apps.  While it’s best to only download applications from trusted sources and trusted developers, trust is often difficult to establish with the limited information available on an application store or download site.  For some apps, you may recognize the application or developer name, although it could be an imposter repackaging the original company’s application (as was the case with the 3-D Anti-Terrorist Game).  Otherwise, looking at the number of downloads and ratings helps, but it’s still not always perfect.  Having a security app on your phone can help in case you download something that seemed OK but was actually malicious.  At Lookout, for example, we’re constantly doing deep analysis and research so that you’ll be protected from malware and other threats without having to become a security expert.

4. Download updates for payment apps frequently.

Like any application on your PC, a payment application on your mobile device may have security bugs.  Make sure to always download updates for banking and payment applications when they are available to take advantage of any security enhancements and bug fixes.  Most application stores on smartphones have update mechanisms to notify you when updates are available.

As people find more amazing things to do with their phones, new types of malicious behavior will be sure to appear.  By keeping the lessons of the past in mind and staying on top of unique mobile threats to come, we’ll be able to take advantage of the incredible promise of mobile technology and make sure people stay safe in the process.

Stay tuned as we’ll be sure to keep you up to date with the latest happenings in the mobile world.