*Editorial Note: This content is not provided or commissioned by the credit card issuer. Any opinions, analyses, reviews or recommendations expressed in this article are those of the author’s alone, and may not have been reviewed, approved or otherwise endorsed by the credit card issuer. This site may be compensated through a credit card issuer partnership.
This article was last updated Jul 13, 2015, but some terms and conditions may have changed or are no longer available. For the most accurate and up to date information please consult the terms and conditions found on the issuer website.
A recent study noted that almost half of the world’s credit card fraud takes place in the U.S., although we only account for a quarter of the global credit card volume. Many experts attribute this disparity to the fact that the U.S. has lagged behind the rest of the world in adopting EMV chip enabled credit cards. But it doesn’t stop there.
Starbucks made headlines in May, but not in a good way. Multiple major news outlets – including CNN and ABC News – reported that criminals had hacked into the Starbucks’ mobile payment app and drained funds from unsuspecting Starbucks customers. Hackers chose to target the Starbucks app because many coffee addicts store their credit card information in the Starbucks app so their loyalty account can be automatically reloaded once the funds have been depleted.
The app is the preferred means of payment for many loyal customers. Some estimate that the use of the mobile payment system accounts for more than 15% of all customer purchases. Starbucks also benefits because a company app can reduce overhead and expenses by allowing a company to pay lower fees when accepting debit or credit card payments.
Starbucks Denies its App Was Hacked
In an official statement, Starbucks claimed that their mobile app had not been hacked, and that any news reports that stated otherwise are simply false. Starbucks’ side of the story was supported by prominent cyber security expert, Brian Krebs. He is widely known as the most knowledgeable person in the cyber-crime industry, and he claims that this time, the media got it wrong. “When it comes to reporting on breaches involving customer accounts at major brands, the news media overall deserves an F-minus.” Ouch.
Other Payment System Problems
Does that mean there is nothing to worry about when using mobile payment technology? Not exactly. One of the leaders in mobile app technology for processing payments is a company called Venmo, owned by PayPal. Venmo processes hundreds of millions of dollars in transactions each month. The company’s chief security officer recently apologized to customers who complained that Venmo had not done enough to respond to fraudulent activity in their accounts.
That apology followed a rather scathing article published on Slate.com, describing how a Venmo customer lost thousands of dollars when he believed that his account was hacked. His bank, JP Morgan Chase, responded quickly and refunded the money that had been taken. Meanwhile, Venmo allegedly took almost two days to respond. That’s a significant delay because Venmo apparently has a policy that if you lose money due to fraudulent use, you only have 48 hours to report it before you lose much of your liability protection.
Mobile Tech is Still Relatively New
Obviously, mobile payment technology is still in its infancy and is not yet bulletproof. Hackers are sophisticated, too, and the malware protection for mobile apps can still have serious vulnerabilities in the protection it offers. Phones themselves are not particularly secure either; when you use a smart phone for wireless payment transactions, you are dealing with several kinds of technology that have to all work together in a seamless but secure way. For example:
- There’s the phone itself, which can be accessed by someone simply picking it up. You’ll have some added protection if it’s password protected.
- The apps inside the phone are each separate types of software with their own potential vulnerabilities.
- Last but not least, you are using wireless signals that, in some cases, can be captured by fraudsters – particularly if you use a public network without sufficient firewall security.
Steps You Can Take for Added Protection
What can you do to help ensure you have the best protection currently available? Experts suggest using a system or platform that requires two-factor authentication. That means that after you type in your password, you also have to provide additional information. Sometimes that will be a separate temporary passcode sent to you via text message.That may seem like a hassle, but if the apps you use offer that option, you should definitely use it. A small inconvenience now is much better than a larger, more expensive data breach later.
The final piece of advice that is easy to ignore, but is absolutely essential, is to use unique, one-of-a-kind passwords for each account. Much of the hacking happens because criminals steal one important password and try it out on more critical applications, such as bank and credit card accounts, and Voila! it works there, too! Eventually technology will improve and so will the security of payment apps, but in the meantime multiple technologies are susceptible to fraud and consumers should take the necessary precautions to make sure private information is secure.
*The content in this article is accurate at the publishing date, and may be subject to changes per the card issuer.