A Defending Digital fan listened to a podcast episode I shared about securing your credit and debit cards, then she said,

I’d be interested in listening to/reading more about accounts like PayPal and Amazon Pay, and the safety (or not) of using them to pay on other shopping sites.

What a great question! I’ve looked into this subject in the past, and this was a good opportunity to see what’s changed recently. These payment options go by several names, including digital wallets, mobile payment apps, mobile wallets, contactless payments, and cashless payments.

By the way, if you ever have a question related to digital security or privacy, please send it in!

Note: this page contains affiliate links. Please see Affiliate Disclosure.

The Threat

As we saw in the post Which Passwords to Change After Credit Card Fraud, credit and debit card fraud is a massive problem. Allow me to remind you of some of the stats.

According to Experian,

the number of credit card numbers exposed in 2017 totaled 14.2 million, up 88% over 2016.

More than 32% of Americans complained about credit card fraud in 2016, double the rate from 2015, according to the Federal Trade Commission.

Credit.com says,

According to the 2016 Consumer Card Fraud Study from ACI Worldwide and Aite Group, nearly one-third of consumers have experienced card fraud in the past five years, and 17% of credit card and debit cardholders say they’ve fallen victim multiple times in that timeframe.

Comparitech.com collected stats, including the following:

The FTC received over 133,000 credit card fraud reports in 2017.

“Card-not-present fraud” is far more prevalent than traditional credit card fraud. Thanks to the increasing popularity of online shopping, card-not-present fraud is now 81 percent more common than point-of-sale credit card fraud.

CreditDonkey.com reported that,

According to ACI, 21% of Americans have dealt with debit card fraud in the past 5 years.

So you may be wary of using a credit or debit card online, or even in a store. You probably have one or more digital wallets or mobile payment apps, such as Apple Pay, Google Pay, Samsung Pay, PayPal, Venmo, Zelle, and Chase Pay. But you may wonder: are these methods of payment more or less secure than using a credit card?

How to Increase Your Security

The short answer is that in general, digital wallets or mobile payment apps provide better security than using your credit card, online or in person. Why?

When you pay with a digital wallet or mobile payment app (Apple Pay, Google Pay, Samsung Pay, PayPal, Venmo, Zelle, Chase Pay, etc.), the merchant (entity you’re paying) doesn’t receive the details of your credit card, debit card, checking account, or other underlying source of funds. Usually they receive a unique, one-time code that’s only good for that purchase. So if a rogue employee tried to steal the transaction details, or the company was hacked, they wouldn’t get your credit card details (or the details of whatever other underlying account you paid with).

PCMag says,

The app generates a one-use authentication code, good for the current transaction only. Even if someone filched that code, it wouldn’t do them any good. And paying with a smartphone app completely eliminates the possibility of data theft by a credit card skimmer.

Speaking specifically of Apple Pay, but referencing technology that’s used by several wallets and apps, another PCMag article says,

Touch ID and FaceID comprise a strong first layer of security, but you can never be too safe when it comes to your money. So Apple Pay takes things one step further by obscuring your real card data with anonymized digital tokens. When you make purchases, this anonymous data is the only information retailers receive. Other services like Android Pay and Samsung Pay use a similar fake-number system, but Apple Pay’s single-use tokens change with each transaction (Samsung Pay’s don’t). In fact, your financial service sends a Device Account Number that’s stored on the device in a special chip called a Secure Element. All this makes Apple Pay the most secure payment choice, and even more secure than a plastic card.

Also speaking specifically of Apple Pay, but referencing technology that’s used by several wallets and apps, MacRumors.com says,

Apple Pay is still more secure than a traditional card-based transaction. With Apple Pay, a cashier does not see a credit card number, a name, an address, or any other personally identifying information. There is no need to take out a credit card or confirm the authenticity of a credit card with a driver’s license or ID card, because all of that information is stored on the iPhone and protected by several built-in security systems, including Touch ID.

ForgetComputers.com describes how the technology in digital wallets and mobile payment apps works:

Apple Pay is significantly more secure than a magnetic-strip credit card and has advantages over chip-embedded cards too. … the store where you shop gets no data about you—they don’t know who you are, where you live, what your card number is, or anything else unless you showed a rewards card or provided your phone number. Most importantly, you don’t have to worry about your credit card number being jotted down, scanned, or skimmed. … When you pay with Apple Pay, the Secure Enclave chip transmits the Device Account Number, along with a few other details, including a one-time transaction code. Everything is encrypted, so even if an attacker were listening to the traffic, no transaction details would be revealed.

So, you should use a digital wallet or mobile payment app instead of a credit card, debit card, check, or other “traditional” form of payment whenever it’s an option.
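
A simplified model of the tokenized payment described above, added here as an example (it is not code from any wallet vendor or from the sources quoted). The names `TokenService` and `Wallet`, the `DAN-` format, and the HMAC-with-counter construction are assumptions for illustration; real wallets use the card networks' own cryptogram schemes.

```python
import hashlib
import hmac
import secrets

def make_cryptogram(key, dan, amount_cents, counter):
    # One-time code: bound to this device number, this amount and this counter value.
    msg = f"{dan}|{amount_cents}|{counter}".encode()
    return hmac.new(key, msg, hashlib.sha256).hexdigest()

class TokenService:
    """Hypothetical stand-in for the card network/issuer, the only party that knows the real card."""
    def __init__(self):
        self._vault = {}  # device account number -> real card number, key, last counter seen

    def provision(self, card_number):
        dan = "DAN-" + secrets.token_hex(8)   # stand-in number given to the device
        key = secrets.token_bytes(32)         # assumed to live in the device's secure chip
        self._vault[dan] = {"pan": card_number, "key": key, "last_counter": 0}
        return dan, key

    def authorize(self, dan, amount_cents, counter, cryptogram):
        rec = self._vault.get(dan)
        if rec is None:
            return False
        expected = make_cryptogram(rec["key"], dan, amount_cents, counter)
        if not hmac.compare_digest(expected, cryptogram):
            return False                      # forged code or altered amount
        if counter <= rec["last_counter"]:
            return False                      # code already used: replay rejected
        rec["last_counter"] = counter
        return True

class Wallet:
    def __init__(self, dan, key):
        self.dan, self._key, self._counter = dan, key, 0

    def pay(self, amount_cents):
        # This dict is everything the merchant receives; the card number is not in it.
        self._counter += 1
        code = make_cryptogram(self._key, self.dan, amount_cents, self._counter)
        return {"dan": self.dan, "amount_cents": amount_cents,
                "counter": self._counter, "cryptogram": code}

def demo():
    service = TokenService()
    card = "4111111111111111"                 # constructed test number, not a real card
    wallet = Wallet(*service.provision(card))
    seen_by_merchant = wallet.pay(1999)
    first = service.authorize(**seen_by_merchant)    # genuine purchase
    replay = service.authorize(**seen_by_merchant)   # same code submitted again
    altered = service.authorize(**{**wallet.pay(1999), "amount_cents": 99999})
    return first, replay, altered, card in repr(seen_by_merchant)
```

`demo()` returns whether the genuine purchase, a replayed copy and an altered-amount copy were each approved, plus whether the card number appeared anywhere in what the merchant saw.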

Of course, there are still things you should do to increase your security as you use digital wallets or mobile payment apps. Let’s take a look at them.

Use a Reputable Wallet/App

Not all digital wallet or mobile payment apps have equal security. In general, payment software from large, recognized companies (Apple, Google, PayPal, etc.) is more secure than software from companies you’ve never heard of.

Do a search for “digital wallet mobile payment reviews” and look for authoritative results from websites in the tech or financial industries.

If you’re considering a particular wallet or app, do a search for its name plus the words “security safety”; for example, “Apple Pay security safety”. Again, look for authoritative results from websites in the tech or financial industries.

Secure Your Wallet/App and Account

Make sure that your device (phone, tablet, computer) is secure, to protect the digital wallets or payment apps on it. That includes locking the screen with a strong password, PIN, or biometric authentication (fingerprint, facial recognition, etc.).

Protect the wallet/app itself with a password, PIN, or biometric authentication (fingerprint, facial recognition, etc.).

If there’s an online account associated with your wallet/app (such as with PayPal), set a long, complex password that you don’t use for anything else. Store the password in a password manager (I like LastPass). Enable two-factor authentication if it’s an option (if it’s not, consider choosing a different wallet/app).

Link to Credit Card, Not Debit Card, Checking Account, Savings Account

You shouldn’t link your digital wallet or mobile payment app to a debit card, checking account, or savings account. Why? If someone were to gain access to your account, they’d be able to do more damage by having access to those accounts than to your credit card. Another benefit of linking to a credit card is that credit cards generally have strong fraud protection and remediation.

Don’t Buy Over Public Wi-Fi

If you’re buying online, don’t do it over public Wi-Fi (the Wi-Fi offered at many coffee shops, restaurants, public libraries, etc.). Someone else on that network could see what you’re doing, and possibly capture financial data. It’s much safer to use your device’s mobile/cellular data connection. If you must use public Wi-Fi, use a VPN (Virtual Private Network) to protect your traffic as it travels over the public Wi-Fi network. I like ProtonVPN.

Don’t Keep Much Money in an Uninsured Account

If you’re using an account where you can store money, such as PayPal, keep the amount you store there to a minimum. Unlike traditional bank accounts, these digital payment accounts usually aren’t FDIC-insured.

What You Should Do

  1. Do your research and choose a digital wallet or mobile payment app with good security and a good overall reputation. You may use more than one wallet or app depending on your needs.
  2. Secure your wallet or app and its associated account.
  3. Link your wallet or app to a credit card rather than other types of accounts.
  4. Use your digital wallet or mobile payment app instead of other forms of payment whenever possible, online and in-person.
  5. Don’t buy over public Wi-Fi unless you’re using a VPN (Virtual Private Network). It’s better to use your own network or your device’s mobile/cellular data connection.
  6. Don’t keep much money in your digital payment account, unless it’s FDIC-insured.
