Video: Mobile wallet security -- is it safe to photograph your credit card?
By Dana Kochnower | Published: January 7, 2015
"In here it just shows my virtual credit card, I can click on it, I can see my last transaction," says iPhone user Peter Elia, showing how he uses Apple's mobile wallet app, Apple Pay.
He's excited about the new technology. "I think it's the best idea ever, because I hate carrying a wallet and a phone."
Elia is part of a growing class of cardless consumers driving the mobile payment market. "It's growing rapidly and by 2020 it's estimated to be worth $1.4 billion," says Lucie Greene, worldwide director of market research firm JWT Intelligence.
While mobile payments are catching on, the technology is also raising questions about security and privacy. Forty percent of respondents surveyed by JWT Intelligence said they were "very concerned" about fraud when paying with a mobile phone.
Apple Pay, Google wallet and PayPal all allow you to use your smartphone's camera to upload credit card information to the app.
But could snapping a photo of your card be putting you at risk?
We asked cyber-security expert Robert Stroud. "The difference between just taking a photo with the camera and the app is the app creates a secure environment or a secure session with the process of uploading the information from your credit card or debit card," says Stroud, international president of ISACA, an association for security professionals. "At that point in time, the card information is not actually stored in your recent photos or anywhere on the phone, so you don't have it to be found later."
The card information is not actually stored in your recent photos or anywhere on the phone, so you don't have it to be found later.
Stroud says mobile wallets are actually safer than current credit cards -- because of the way financial information is sent between the app and the bank, replacing your account number with a token.
"The tokenization is a form of encryption or scrambling of card information that allows the application itself to understand who you are and what you are so it can then do the transaction," explains Stroud.
Peter Elia says he likes the convenience of mobile wallets and is not too concerned about his information getting out because he knows he's protected. "Credit cards - it's money, it can be replaced, it's covered by insurance, it's covered by a bank," he says.
"Vendors are staking their reputations on it, they're going to make sure it's secure," says Stroud. "You're protected in a credit card situation by fraud control and the monitoring that's going on 24/7."
Stroud offers these basic rules to keep your information safe:
- Only download and install apps from a trusted source.
- Pay attention to permission requests from apps. Think twice if it's asking for, say, access to your contacts or other features that seem open to abuse.
- Make use of all security features on your phone and mobile wallet, and...
"You have to ensure that that password security's in place, and that you're consistently ensuring that you change your passwords and you keep them sufficiently complex so that they can't be guessed very easily," he says.
- Banks make chargebacks easier to initiate – To dispute a charge, often all it takes is the click of a button on the card issuer's website or app ...
- You may soon be able to buy lottery tickets at grocery checkout – States have to approve shoppers using smartphones linked to credit or debit cards to purchase Powerball and Mega Millions chances ...
- EMV chip card torture test – We put EMV chip credit cards through a series of tests to see how they stand up to common threats such as extreme temperatures, water and corrosive liquids ...