Hacking
Payment Apps, can they be trusted?
The world is becoming more fast-paced with each passing day, and payment apps have become more common. In this new environment, technology is advancing quickly to meet the demands of individuals who need help achieve their daily tasks and long-term goals. Online payments are rapidly becoming one of our fastest evolving industries, aiming to make the transfer of money from one person to another more convenient.
Digital banking and payment apps are rapidly rising in popularity. People no longer wish to carry around cash and are happy to use their mobile devices to send and receive money. However, as when anything new comes along, we have to balance the convenience against the risk and ask ourselves one very important question, is it safe?
For me, the answer is: not safe enough. That does not necessarily mean you shouldn’t use them, but we all know that a single bad user experience with security can be the difference between a company having a trusted application or a costly breach. A lot of what we talk about in security is hypothetical so I would like to offer my own real-life lesson on why data security knowledge is vital.
The first payment app I signed up for was PayPal. I was using it to buy some rock climbing equipment from a third party seller who processed all their payments through this service. The bad actor who eventually managed to gain access to my PayPal account did so through a very simple and common method. The attacker first gained access to my weakly protected social media account after doing some basic research on my publicly viewable profile. They attempted an informed brute force attack and managed to gain access to my account and password. At the time, I was blissfully unaware of what constituted good data security and had the same password and email for almost every online account ( which is no longer the case, sorry hackers). With my sensitive data in their possession, the attacker was able to infiltrate my PayPal account and attempted to steal the money on my stored payment card info.
It ultimately transpired that blind luck was to be my savior. The payment card data I had stored on my PayPal account was out of date, and this was the attacker’s downfall. I received a notification from both my social media provider and PayPal explaining that there was some unusual login activity originating from a country that I had never visited, which raised the alarm for me that something was amiss.
The attacker made a very bold move by emailing me directly, with a fake email from PayPal requesting that I update my payment card information immediately. Luckily I spotted some spelling errors that caused me to become suspicious. the email read something like this:
“Please do be sending your updated pay card information immediately to PayPal for reviewing,
Thank you,
Rajesh,
Pay Pal, team.”
Nice try ‘Rajesh’. But you won’t be getting access to my ‘information anytime soon.
At this point, I was relieved and reported the fraudulent activity to PayPal, who swiftly deleted all my data as per my request.
The main lesson to take away from my experience is to use the convenience of payment apps with caution and skepticism. Coupled with good cybersecurity methods and a secure password, payment apps can be very useful in our fast-paced world.
The transit of any information through wireless means always carries a certain degree of risk and financial data is no different. This valuable information is highly sought after by cybercriminals, so it is safe to assume that new payment card apps that may not have the most rigorous security standards in place, are likely in their crosshairs.
Yet we continue to use these new applications to spend our hard-earned money. Why? Convenience. You no longer have to carry cash in your pocket that is susceptible to being stolen by more conventional means. We trust the digital realm to take better care of our money, without fully understanding the risks and how it all works.
But the question remains, how safe are these payment apps? The answer depends on you and the platform you choose. There are myriad of online payment apps available so it is important to choose one that has sufficient security in place to protect your data. An example of this would be an app that offers the option to enable two-factor authentication when making a payment. This adds an extra layer of security to your transaction and helps to ensure that you are the only one who can spend your money.
Would you trust a bank to take care of your money if it left the vault door unlocked, no? So why would you trust an app who was equally as careless on the digital side?