A Defending Digital fan listened to a podcast episode I shared about securing your credit and debit cards, then she said,
I’d be interested in listening to/ reading more about accounts like pay pal and Amazon pay, and the safety (or not) of using them to pay on other shopping sites.
What a great question! I’ve looked into this subject in the past, and this was a good opportunity to see what’s changed recently. These payment options go by several names, including digital wallets, mobile payment apps, mobile wallets, contactless payments, and cashless payments.
Today, we’re going to talk about how to secure your digital wallets and mobile payments to safeguard your accounts and of course, your finances.
By the way, if you ever have a question related to digital security or privacy, please send it in!
As we saw in the post Which Passwords to Change After Credit Card Fraud, credit and debit card fraud is a massive problem. Allow me to remind you of some of the stats.
the number of credit card numbers exposed in 2017 totaled 14.2 million, up 88% over 2016.
More than 32% of Americans complained about credit card fraud in 2016, double the rate from 2015, according to the Federal Trade Commission.Experian
According to the 2016 Consumer Card Fraud Study from ACI Worldwide and Aite Group, nearly one-third of consumers have experienced card fraud in the past five years, and 17% of credit card and debit cardholders say they’ve fallen victim multiple times in that timeframe.Credit.com
The FTC received over 133,000 credit card fraud reports in 2017.
“Card-not-present fraud” is far more prevalent than traditional credit card fraud. Thanks to the increasing popularity of online shopping, card-not-present fraud is now 81 percent more common than point-of-sale credit card fraud.Comparitech.com
According to ACI, 21% of Americans have dealt with debit card fraud in the past 5 years.CreditDonkey.com
So you may be wary of using a credit or debit card online, or even in a store. You probably have one or more digital wallets or mobile payment apps, such as Apple Pay, Google Pay, Samsung Pay, PayPal, Venmo, Zelle, and Chase Pay.
But you may wonder: Are digital wallets safe? Are mobile payments secure? Are these methods of payment more or less secure than using a credit card?
How to Increase Your Security
Mobile Payment/Wallet Security
You may wonder, is Apple Pay safe? How secure is Google Pay? Is Samsung Pay safe? and similar questions, about various mobile payment apps and digital wallets.
The short answer is that in general, digital wallets or mobile payment apps provide better security than using your credit card, online or in person. Why?
When you pay with a digital wallet or mobile payment app (Apple Pay, Google Pay, Samsung Pay, PayPal, Venmo, Zelle, Chase Pay, etc.), the merchant (entity you’re paying) doesn’t receive the details of your credit card, debit card, checking account, or other underlying sources of funds. Usually, they receive a unique, one-time code that’s only good for that purchase. So if a rogue employee tried to steal the transaction details, or the company was hacked, they wouldn’t get your credit card details (or the details of whatever other underlying accounts you paid with).
The app generates a one-use authentication code, good for the current transaction only. Even if someone filched that code, it wouldn’t do them any good. And paying with a smartphone app completely eliminates the possibility of data theft by a credit card skimmer.PCMag
Speaking specifically of Apple Pay, but referencing technology that’s used by several wallets and apps, another PCMag article says,
Touch ID and FaceID comprise a strong first layer of security, but you can never be too safe when it comes to your money. So Apple Pay takes things one step further by obscuring your real card data with anonymized digital tokens. When you make purchases, this anonymous data is the only information retailers receive. Other services like Android Pay and Samsung Pay use a similar fake-number system … . In fact, your financial service sends a Device Account Number that’s stored on the device in a special chip called a Secure Element. All this makes Apple Pay the most secure payment choice, and even more secure than a plastic card.PCMag
Also speaking specifically of Apple Pay, but referencing technology that’s used by several wallets and apps, MacRumors.com says,
Apple Pay is still more secure than a traditional card-based transaction. With Apple Pay, a cashier does not see a credit card number, a name, an address, or any other personally-identifying information. There is no need to take out a credit card or confirm the authenticity of a credit card with a driver’s license or ID card, because all of that information is stored on the iPhone and protected by several built-in security systems, including Touch ID.MacRumors.com
Apple Pay is significantly more secure than a magnetic-strip credit card and has advantages over chip-embedded cards too. … the store where you shop gets no data about you—they don’t know who you are, where you live, what your card number is, or anything else unless you showed a rewards card or provided your phone number. Most importantly, you don’t have to worry about your credit card number being jotted down, scanned, or skimmed. … When you pay with Apple Pay, the Secure Enclave chip transmits the Device Account Number, along with a few other details, including a one-time transaction code. Everything is encrypted, so even if an attacker were listening to the traffic, no transaction details would be revealed.TheMACGuys.com
So, you should use a digital wallet or mobile payment app instead of a credit card, debit card, check, or other “traditional” form of payment whenever it’s an option.
Of course, there are still security risks with digital wallets and mobile payment apps. So, it’s worth taking steps to increase your security as you use them. Let’s take a look at them.
Use a Reputable Wallet/App
Not all digital wallets or mobile payment apps have equal security. In general, payment software from large, recognized companies (Apple, Google, PayPal, etc.) is more secure than software from companies you’ve never heard of.
Search for digital wallet mobile payment reviews and look for authoritative results from websites in the tech or financial industries.
If you’re considering a particular wallet or app, search for its name plus the words security safety; for example, Apple Pay security safety. Again, look for authoritative results from websites in the tech or financial industries.
Some wallets and apps have been renamed, so you may come across outdated names in your research. For example, Google Wallet and Android Pay were merged into Google Pay. Also, some people use nicknames; for example, GPay to refer to Google Pay.
Most-Used Digital Wallets and Mobile Payment Apps
As you research, you may wonder, “What are the top-used mobile wallets?” Here are those with the most users, using data from Auriemma Consulting Group in October 2018:
- Apple Pay: 77% of mobile wallet transactions
- Samsung Pay: 17%
- Google Pay: 6%
A survey from 451 Research in mid-2018 found that consumers use these digital wallets:
- PayPal: 66.9% of consumers had used
- Apple Pay: 30.5%
- Samsung Pay: 10.4%
- Google Pay: 12.9%
The first set of data focuses on transactions processed, and the second set focuses on which apps consumers use. I don’t know if the first set considered PayPal a digital wallet.
Is Apple Pay Secure?
Yes, Apple Pay is safe to use. Merchants you buy from don’t receive the details of your credit card (or other account details); they only receive a unique, one-time code that’s only good for that purchase. Even Apple doesn’t see the details of your transaction.
Apple is a reputable company that takes steps to secure the Apple Pay system. Apple doesn’t have access to the cards and other payment methods you store in Apple Pay.
It’s still worthwhile to take the steps listed below to secure the Wallet app and your Apple account.
Is Samsung Pay Secure?
Yes, Samsung Pay is safe to use. Merchants you buy from don’t receive the details of your credit card (or other account details); they only receive a unique, one-time code that’s only good for that purchase.
Samsung is a reputable company that takes steps to secure the Samsung Pay system. Samsung doesn’t have access to the cards and other payment methods you store in Samsung Pay.
It’s still worthwhile to take the steps listed below to secure the Samsung Pay app and your Samsung account.
Is Google Pay Secure?
Yes, Google Pay is safe to use. Merchants you buy from don’t receive the details of your credit card (or other account details); they only receive a unique, one-time code that’s only good for that purchase.
Google is a reputable company that takes steps to secure the Google Pay system. Google doesn’t have access to the cards and other payment methods you store in Google Pay.
It’s still worthwhile to take the steps listed below to secure the Google Pay app and your Google account.
How To Secure Your Digital Wallet/s and Mobile Payment Accounts
Make sure that your device (phone, tablet, computer) is secure, to protect the digital wallets or payment apps on your device. That includes locking the screen with a strong password or PIN or biometric authentication (fingerprint, facial recognition, etc.).
Protect the wallet/app itself with a password or PIN or biometric authentication (fingerprint, facial recognition, etc.).
If there’s an online account associated with your wallet/app (such as with PayPal), set a long, complex password that you don’t use for anything else. Store the password in a password manager (I like
Link to Credit Card, Not Debit Card, Checking Account, Savings Account
You shouldn’t link your digital wallet or mobile payment app to a debit card, checking account, or savings account. Why? If someone were to gain access to your account, they’d be able to do more damage by having access to those accounts than to your credit card.
Another benefit of linking to a credit card is that credit cards generally have strong fraud protection and remediation. They often have zero-liability policies, meaning that if you report a fraudulent transaction, you don’t need to pay anything for that transaction. For debit cards, checking accounts, and savings accounts, zero-liability policies are much less common, meaning that you may be required to pay some or all of fraudulent transactions.
From a safety perspective, the payment methods to avoid are those that are “closest to” or most similar to cash: debit cards, checking accounts, and savings accounts. You get more protection from putting one or more layers between you and your cash, which is what credit cards do.
Don’t Buy Over Public Wi-Fi
If you’re buying online, don’t do it over public Wi-Fi (the Wi-Fi offered at many coffee shops, restaurants, public libraries, etc.). Someone else on that network could see what you’re doing, and possibly capture financial data. It’s much safer to use your device’s mobile/cellular data connection. If you must use public Wi-Fi, use a VPN (Virtual Private Network) to protect your traffic as it travels over the public Wi-Fi network. I like ProtonVPN.
ProtonVPN offers secure VPN through an encrypted VPN tunnel, so your passwords and confidential data stay safe, even when you are using public or untrusted Internet connections.
Don’t Keep Much Money in an Uninsured Account
If you’re using an account where you can store money, such as PayPal, keep the amount you store there to a minimum. Unlike traditional bank accounts, these digital payment accounts usually aren’t FDIC-insured. I recommend transferring any money you don’t need to keep in your digital wallet or mobile payment app to an FDIC-insured bank account.
- Secure Online Shopping With PayPal: 7 Tips To Protect Your Money (financesonline.com)
- Apple Pay Is Faster, Easier, More Secure, and More Private Than Using Credit Cards (theMACguys.com)
- Apple Pay, Samsung Pay & Google Pay: Why They’re Safer Than The Card (listerhill.com)
- Apple Pay security and privacy overview (apple.com)
- How Secure Is Samsung Pay? (samsung.com)
What You Should Do
- Do your research and choose a digital wallet or mobile payment app with good security and a good overall reputation. You may use more than one wallet or app depending on your needs.
- Secure your wallet or app and its associated account.
- Link your wallet or app to a credit card rather than other types of accounts.
- Use your digital wallet or mobile payment app instead of other forms of payment whenever possible, online and in-person.
- Don’t buy over public Wi-Fi unless you’re using a VPN (Virtual Private Network). It’s better to use your own network or your device’s mobile/cellular data connection. I like ProtonVPN.
- Don’t keep much money in your digital payment account, unless it’s FDIC-insured.
Keeper is a top-rated password manager for protecting you, your family, and your business from password-related data breaches and cybersecurity threats.
1Password remembers all your passwords, so you can easily log in to sites with a single click.
Dashlane fills all your passwords, payments, and personal details wherever you need them, across the web, on any device.