Millennials are increasingly comfortable putting all aspects of our lives online and on our mobile phones. Many of my friends don’t think twice about hooking up credit cards and bank accounts to virtual payment apps that make life easier. Peer-to-peer payment apps allow you to send money to friends and split bills with a simple swipe and tap, while point-of-purchase apps allow you to pay for purchases wallet-free.
But whether it’s with Starbucks or the IRS, it seems like our data—both personal and financial—is not entirely safe online. Experts like Vince Arneja, VP of Product at Arxan, an application protection company, stress that mobile apps in particular are relatively easy to hack.
“Application hacking is becoming easier and faster than ever before,” Arneja says. “There are automated tools readily available in the market to support hacking, and many of them are available for free.” Arxan’s 2014 State of Mobile App Security Report found that 95 percent of Android apps and 70 percent of iOS apps have been hacked. Recent research by Verizon found that in 84 percent of hacking cases, the initial compromise took only a few hours or less to complete.
Michael Kleinman, CEO of credit card processor Centurion Payments, cautions users to ensure the virtual payment systems that they use have security standards that are Payment Card Industry (PCI)-certified. Some apps, he says, “are just trying to get a cool product out in the market.[and] there are a lot of security risks for your data.”
So what can you do to protect yourself? Should you just avoid these systems and stick to credit cards and cold hard cash? Not necessarily. Peer-to-peer mobile payments volume, according to Business Insider could grow to be as much as $86 billion in the U.S. by 2018 (it’s currently around $5 billion), so you better believe that companies with apps that aren’t secure will be working hard to make them so as the industry continues to grow. And in the meantime, there are steps you can take to safeguard your financial data and minimize the risk that you’ll be hacked.
Kleinman suggests linking a credit card, or even better, a prepaid debit card, to minimize the potential damage if an app is hacked. “If you use your banking information, it’s a lot harder for them to have recourse in getting your money back if something fraudulent happens,” he says.
Arxan also recommends downloading banking and payment applications only from certified app stores and not connecting to sensitive bank or email accounts over public Wi-Fi.
About The Apps: A Look at Leading Virtual Payment Apps
You can sign up via email or Facebook for this bank-agnostic app. Venmo is PCI-compliant, but the company does not offer buyer or seller protection and its website warns you to be careful to only use it to pay people you know and trust. Don’t use this when purchasing tickets off Craigslist, for example. Millennials like 23-year-old Dennis Yuan from Naperville aren’t worried about linking up their bank accounts, “It’s really no less safe than using a physical credit card or writing physical checks,” Yuan says. He likes how each payment is clearly labeled in his checking account as a “Venmo Payment.” There’s a 3-percent fee if you link a credit card, but no fee if you link up your bank account.
Either the sender or receiver must have a Chase checking account to use this. Customers like that it isn’t tied to any social networks, there’s no processing fee and that it offers the level of security protection one would expect from a large financial institution like Chase. One downfall is that transactions between a Chase and non-Chase customer can take up to five business days to process.
Sending money to family and friends with this Android and iOS app is free, while businesses pay a 1.5 percent transaction fee. You create a “$Cashtag” that you can share anywhere online with the “cash.me/$Cashtag” format. People can pay you even if they don’t have the app by entering debit or credit card information online. It’s popular for selling items on Craigslist or paying rent, and the money goes directly to your bank account. As for security, Square Cash is PCI-compliant like Venmo.
While Google Wallet is more than a peer-to-peer payment system (you can use it for in-store and online purchases, to store gift cards & more), sending money via the app is free unless you pay via debit card (then there’s a 2.9% fee). The Google app comes with fraud protection, and Google reports that most transactions are instantaneous, but may take 3-10 days if you are uploading funds via a bank account.
As with Google Wallet, Apple Pay users can use the app to pay in-store via their phones (or watches!). Unlike other apps, Apple Pay doesn’t store funds but instead transmits “tokenized” payment information (which is harder to steal than regular encrypted data). Apple Pay hasn’t entered the peer-to-peer payments market.
Tell us: Do you use virtual payment apps? If so, which ones?
If you found this article helpful, check out more from our Tech section here:
- Cyber Crime Expert Marc Goodman’s 11 Tips To Protect Yourself and Your Family Online
- Impact Investing: Putting Your Money to Work for Good
- Learn to Invest Like Warren Buffett