The nature of identity fraud is changing. With the rollout of smart chips in credit and debit cards making it more difficult to steal using cards themselves, thieves have their eyes on your data instead.
If you don't protect yourself, you could join the 13.1 million Americans Javelin Strategy & Research reported got hit by identity thieves in 2015.
While mobile banking and payments are certainly making it easier and more convenient to handle one’s finances and conduct business, the same ease and convenience make them a ripe target for criminals, says Madeline Aufseeser, CEO of fraud-prevention company Tender Armor.
"Because merchants are trying to make it easier for consumers to shop online and on their phones, all your credentials are stored online, including payment information, and you don’t even need a basket — just click a button and boom, you get charged. Because they have gone down this path of making things easier to purchase online, it makes it easier for the fraudsters to get to the data," said Aufseeser.
While physical card fraud is still the preferred choice of fraudsters, the steady increase in mobile and online payments will begin to attract more attention from criminals, according to Al Pascual, senior vice president, research director and head of fraud and security at consulting firm Javelin.
"One thing can be assured of fraud: Criminals will go where the money is. We will probably see a pretty noticeable increase in mobile payment fraud as the number of payments grows," Pascual said.
The data suggest the shift has already started. Consumers are turning to their phones more often to manage their finances, from depositing funds to paying bills to splitting dinner and a movie among friends. Mobile payment apps are growing in popularity, particularly among Millennials. A 2014 survey by FICO found that 32% of consumers 18 to 34 had used some kind of mobile payment app, and 23% had used a peer-to-peer lending app. According to consulting firm Accenture, 94% of consumers under 35 access their banking services through the Web and mobile apps. Accenture also estimates that mobile wallet transactions will explode to 1.31 billion by 2019, up from 240 million in 2014.
"It's a good time to be a criminal who wants to open fraudulent accounts because there’s so much personal information floating out there. It's the next frontier of fraud," said Pascual.
Safety tip No. 1: Update that OS
People who are not careful about how they use their mobile payment apps, where they use them and how they manage their mobile devices are putting themselves at risk. For starters, avid users of mobile payment services people should always keep their mobile operating system, or OS, up to date. Ignoring updates for Android or iOS means ignoring free security patches for vulnerabilities hackers already know how to exploit.
Safety tip No. 2: Update that app
The same goes for the apps themselves — keeping a payment app completely up to date means keeping its security protocols as strong as they can be. Some apps introduce new security features, like biometric sign-in capabilities. Both Pascual and Aufseeser stress the importance of two-factor authentication for passwords and personal information to double down on account protection.
Safety tip No. 3: Beware of Wi-Fi
Accessing a mobile banking app or a payment app while on public Wi-Fi also makes it easier for criminals to “eavesdrop” on the information one’s phone is sending and accessing, exposing usernames, passwords and any stored information on the phone — including saved credit or debit card info from payment apps. Consumers with data to spare should limit their use of public Wi-Fi hotspots when accessing sensitive information, checking a bank statement, sending a payment, etc. Keep in mind, fraudsters and hackers can eavesdrop on any information sent over public Wi-Fi, so mind your browsing and emailing in public spaces.
Safety tip No. 4: Watch out for person-to-person payments
Besides guarding yourself from hackers, you have to be on guard about the people you do business with as well. The wild west of mobile payments has tangible, real-world fraud risks associated with it. The incredibly popular person-to-person payment app Venmo, which processed more than $1 billion in payments in January, has exposed some of the weaknesses in the mobile payment ecosystem.
While users expect their payments to be safe and instantaneous, the reality is more complicated. Payments take time to process, which leaves a period of time during which scam artists can abuse a clause in Venmo’s user agreement that prohibits “business, commercial, or merchant transactions.” The buyer cancels their payment and the seller cannot get the money back because, technically, they broke Venmo’s rules. In short: If you sell something to someone and they take back their payment, you’re out of luck.
This phenomenon is not unique to Venmo — various frauds and scams have plagued person-to-person payment sites and apps since the dawn of the Internet. Fraudsters populate websites like Craigslist and Ebay and use PayPal scams to rip off unsuspecting users, like having a seller send their item to a different address than is listed on the buyer's PayPal account, effectively voiding any protections from PayPal and allowing the scammer to recall their payment and keep the item. However, as the Consumer Federation of America noted in its March newsletter, there is no federal law that provides payment dispute rights.
Without laws in place, it falls to the company that owns the payment platform to resolve disputes — and when it comes to cybercriminals and fraudsters, they are pretty good at covering their tracks and leaving their victims high and dry.
While banks are investing heavily in cybersecurity — a survey of chief information officers from 50 major banking institutions conducted by American Banker found that roughly 65% said data and customer security were of the highest priorities for their companies — and agencies like the Consumer Finance Protection Bureau have been examining mobile financial services closely, consumers should still be careful when sending payments with their phones.