Mobile and Digital Payments: Worth the Risk?

Thanks in part to the convenience that our mobile devices provide for us, much of the world operates now on instant gratification. From accessing information on the web to doing work –and now sending and receiving digital payments– our devices and applications support us while we’re on the go. Whether we’re paying a friend for dinner, our roommate for rent, or otherwise, many of us use peer-to-peer (P2P) mobile and digital payment apps rather than cash to settle our bills.

P2P mobile and digital payment apps like Cash App, PayPal, Venmo, and Zelle have changed the way we transfer money; today it’s faster, simpler, and easier than ever. In fact, they’re so popular that it’s estimated that in 2018, $700 billion will be transferred in this manner. With so much money being sent and received in this way, the ease of transfer begs the question, how secure are these apps?

While some have turned to using cryptocurrency and blockchain to curtail the known dangers of traditional mobile payment apps, recent cryptojacking incidents have proven that even this new technology is not foolproof when it comes to cybersecurity and the determination of cybercriminals. And while the convenience of digital payments can’t be denied, we seem to be prioritizing ease of use over security. Let’s take a look at how digital payments work, as well as their security implications.

How Digital Payments Work

P2P apps like Venmo, Cash App, and others essentially all work in the same way.  Functioning as a digital wallet, users link the app to their bank accounts or credit and debit cards. Then the app adds or subtracts money based on when users receive or send a payment. From there, users can “cash out” their balance to their preferred digital property, such as the account attached to a card or bank account.

P2P Money Transfer Apps and Cybersecurity Concerns

On the surface, digital money transfers may seem harmless, when in fact, they could lead to a headache of unforeseen cybersecurity concerns. The good news is that most money transfer apps will reimburse you for fraudulent charges. However, if someone has physical access to your phone and you don’t keep it locked, they can send money to themselves or others and you won’t get that money back.

Aside from the obvious concern of losing your phone, if you use an unsecured network to transfer money, it’s easier for someone to launch a phishing attack to gain access to your data. That’s because some payment apps will send request links from other users to download the app on their device. These links can be manipulated by cybercriminals and often contain just a letter or number off so that these changes go unnoticed by day-to-day users. When clicked on, a user can be redirected to a web page and presented with malware or a virus and might be prompted to download it– giving an unfriendly host access to your financial information. Thankfully, leveraging your data plan or a VPN rather than an unsecured or pubic Wi-Fi network can help create an extra layer of protection, making it more difficult for cybercriminals to access your sensitive data.

Lastly, there are often unforeseen holes in software that provide backdoor access to your financial information. Meticulously updating the software on your mobile device can help patch up known security issues, also making it easier to protect your data.

Tips to Stay Safe While Using Peer-to-Peer Money Transfer Apps

If you already use a peer-to-peer money transfer app or are on the fence about downloading one, here are some tips to take into account. By practicing multiple security habits simultaneously, your financial information is much more likely to remain safe on your devices and apps:

  • Set up additional security measures. P2P payment platforms require access to sensitive financial information. Check your account settings to see if you can enable multi-factor authentication, PIN/Password requirement, or use fingerprint recognition.
  • Check your preferred app’s permission or settings. Some might share information about your transactions on social media or on the platform itself, like Venmo. Make adjustments to these settings if and when you see fit.
  • Update your software and apps. It’s a best practice to update software and apps when prompted to help seal vulnerabilities when they’re found.
  • Be aware of where you are conducting your money transfers. Opt to use your data plan or a secure, private Wi-Fi network when using a P2P payment app. If you connected to public Wi-Fi, cybercriminals could use the holes in these networks to access your personal banking information and possibly access your P2P app account. If you must use public Wi-Fi, then it’s a good idea to use a Virtual Private Network (VPN).
  • Confirm the deposit went through. When you receive a payment, that money is added to your in-system balance. This is where it will remain until you initiate the transfer to your bank account or use it for another transaction within the app. If you transfer the balance to your bank, confirm it went through. This could take anywhere from a few days to a week. If it takes longer, it’s worth investigating to stop suspicious behavior in its tracks.
  • Be wary of scammers and cybercriminals. If you don’t know the person to which you are sending a digital transfer (say to purchase tickets to an event), look for poor spelling or grammar from them and read links carefully. If something doesn’t look right, that’s often a tell-tale sign that you’re being led astray. Try to find an alternative way to pay, or better yet – find someone who is more trustworthy.

Interested in learning more about IoT and mobile security tips and trends? Stop by, and follow @McAfee_Home on Twitter, and ‘Like” us on Facebook.

Introducing McAfee+

Identity theft protection and privacy for your digital life

FacebookLinkedInTwitterEmailCopy Link

Stay Updated

Follow us to stay updated on all things McAfee and on top of the latest consumer and mobile security threats.


More from Mobile Security

Back to top