Mobile Payment Security Tips
Date: 3 Jun 2021
Organisation : Octopus Cards Limited
Writer : Mr Alan CHAN
Can you imagine what your life would be like nowadays without your mobile phone? You can use it for just about everything – texting, watching videos, playing games… and even making payments by simply tapping your phone to any merchant accepting mobile payment. However, some people still hesitate to use mobile payment since they doubt its security. Is it really riskier or actually safer to make mobile payment when compared to using the traditional plastic payment card? And what can a consumer do to protect oneself when making mobile payment?
First thing first, let’s define mobile payment. You may use your mobile phone to open an app or visit a website for online shopping and making payment. However, this does not restrict to mobile phones and thus is not within our scope of discussion. In this article we refer mobile payment to the contactless point-of-sale (POS) between a consumer’s mobile device and a merchant’s POS device. The consumer taps a mobile device on the merchant’s POS terminal to make a payment. It emphasises the physical presence of the mobile device. Typical examples of mobile payment are Apple Pay, Google Pay, Smart Octopus, etc.
The definition is important so that we can draw an analogy between mobile payment and the traditional payment card, be it a credit card or the Octopus card. As you may understand for a traditional payment card, the chip is the heart of security, which stores and protects all sensitive information. Similarly, a component called Secure Element (SE) in the mobile phone serves the same purpose. It is a tamper-resistant, secure hardware environment for hosting sensitive applications and data. Access to the SE by any mobile app is strictly controlled and tested by the mobile device manufacturers. That is how Apple Pay, Samsung Pay, Huawei Pay and Smart Octopus work. You can rest assured the security of the technology behind.
Even with the built-in security features, you always want to make sure your information and payment as safe as possible. Below are a few easy tips.
- Protect your device
Lock your phone with anything only you know or you have, like password, PIN, fingerprint, facial recognition, etc. You should also set up your phone with the remote lock or wiping option to prevent data leakage in case you lose it. Protecting your own device is the first step of security before you do anything else with the phone. - Secure your device
Make sure your payment is performed on a safe and trusted platform. Never jailbreak or “root” your device. Once the security of your device has been broken, you can no longer trust anything on it. - Download trustworthy apps
Use payment apps that are preinstalled on your phone or download them from official app stores like Apple App Store and Google Play. Apps in third-party marketplaces may contain malware or spyware to capture your payment information or perform fraudulent transactions. - Review your transactions
Check your transactions on a regular basis. Some apps provide a real-time notification for each transaction. They also have features to easily check past transactions. This allows you to spot any suspicious activity timely.
With peace of mind, you can sit back and enjoy the convenience of mobile payment in a cashless and wallet-less society.