Ways to Secure Mobile Payments on Apps

More than 100 million Americans use mobile payment apps like Venmo, Google Pay, Apple Pay, and Zelle as a convenient way to instantly send money to friends and family or purchase products and services. Adoption of these peer-to-peer payment apps has surged, with global transaction volume topping $1.7 trillion in 2021, a 27% jump over the year before.

But mobile payment apps can also be equally attractive to cybercriminals, who recognize that the apps are conduits of cash often connected to a bank account. In addition, the combination of finance and social media built into some payment apps has created lucrative opportunities for fraud and phishing—scams where criminals try to trick people into giving away sensitive personal information, such as a password or Social Security number.

Losses to consumers through mobile app cybercrime have become substantial: In 2021, U.S. consumers lost $130.9 million to fraud on mobile payment apps, compared with $87.9 million the year before, according to the Federal Trade Commission. Some 13% of payment app users have been victims of scams and 11% said their accounts had been hacked, a 2022 Pew Research study found.

To protect your mobile phone and your money, here is information about the different types of mobile payment app scams and cyberthreats and simple ways to safeguard against fraud and other forms of cybercrime.

Transcript available below graphic

Mobile Payment App Scams

Bad actors are known to swindle people through a variety of techniques designed to exploit human emotions and behavior. They count on users’ fallibility and/or ignorance of scamming tactics for their plots to work. If you lose money to scammers, it will be all but impossible to recover those funds. Mobile payment apps do not offer fraud protection because their payments process immediately like cash. Therefore, learning about the popular methods used against payment app users today can help you identify when a fraudulent scheme is in the works and avoid falling victim to it.

Here are some examples of common mobile payment app scams:

• Posing as bank representatives, cybercriminals send text messages that appear to be legitimate bank fraud alerts about fake money transfers. Criminals may follow up with a phone call whose bogus toll-free number appears to match the financial institution’s real support number.
• Scammers pose as payment app support staff and send texts advising users to change their passwords—then offer to help them do so, pilfering their credentials (username and password) in the process.
• Cybercriminals offer brand-name products at extraordinarily low prices, ask for advance payment via mobile app, then vanish.
• Scammers send a text or email that appears to be from a known person or business asking the recipient to send payment using their mobile payment app. The adversary then pockets the proceeds.

All scams, including those related to mobile payment apps, are forms of social engineering, which is a cybercriminal technique that manipulates people into handing over money or sensitive information. To fight back against social engineering via email (phishing), text (smishing), and voice call (vishing), try the following:

• Review all email, phone calls, and texts from strangers with a critical eye. A rule of thumb: If something seems too good to be true, it probably is.
• Avoid opening attachments or clicking on links until you confirm the sender is authentic. Look up their information in a separate online search or, if the sender claims to be from a mobile payment app or other business you use, contact them directly.

Mobile Payment App Vulnerabilities and Threats

Not all payment app security risks are tied to social engineering scams. Mobile payment apps, like all software applications, require periodic updates to fix security bugs that allow cybercriminals to infiltrate. In addition, mobile phones themselves represent several potential security pitfalls. They, too, require that users run updates to patch vulnerabilities in the phone’s software. Consider that mobile devices also carry inherent risks that include loss or theft and unsecured connections to public Wi-Fi.

The phone’s small size—and hit-or-miss keyboards—contribute to potentially costly mistakes. A single incorrect letter can transmit funds to a total stranger. Similarly, one incorrect number—typing $500 rather than $50—can send the wrong payment amount, which cannot be reversed.

To protect against mobile payment app and phone vulnerabilities and cyberthreats, follow these simple steps:

• Check your phone’s settings for notifications about software updates to any of its apps as well as the phone itself. Run the update immediately to prevent cybercriminals from hacking your payment app or phone.
• Refrain from using your mobile payment app when connecting to unsecured public Wi-Fi. Make sure you are either using password-protected Wi-Fi or your provider network.
• Equip your phone’s tracking capabilities so that if it is lost or stolen, you can discover where it is located.
• If you have not created a passcode or set up face or touch ID for your mobile phone, do so immediately.
• Set your screen to sleep after less than one minute of inactivity to keep prying eyes (and hands) away.