Digital payment options like Apple Pay, Google Wallet, Venmo and Square allow you to make payments with a tap of your phone or swipe of an app. They’re convenient, but with so many options available, it is hard to know which digital wallet to use—or even if you should use them at all, given potential cybersecurity risks. While we do not recommend any particular app over another, we wanted to provide a few easy guidelines for our clients and followers to make an educated decision.

(photo used under public domain)

Chip Cards

In the past year or so, you have probably received a new chip card in the mail from your bank, and waited impatiently at the checkout counter for 6 to 15 seconds while the transaction goes through. Even though chip cards are not as fast as swiping, when it comes to security, they are miles ahead of the older magnetic stripe cards, and have been widely used for over 10 years internationally. Magnetic stripe cards use the same technology as cassette tapes, and the information can be copied easily. Chip cards are designed to prevent fraud—they are harder to counterfeit, and each transaction is digitally encrypted.

DO use credit cards over debit cards.

Fraudulent transactions can more easily be reversed.

DO choose a secure PIN for your chip card.

Avoid numbers like birthdays, street numbers, and anything else that could easily be guessed.

DON’T assume chip cards are always 100% secure.

If you are at a store that does not have chip card capability and you need to swipe your card instead, you do not benefit from the encryption of the chip. Eventually the magnetic stripe will be phased out and you will use the chip card with a PIN for all purchases. 

It is still possible for someone to steal your card information when you physically hand over your card to a salesperson, or say your credit card number aloud over the phone.

DO watch out for card skimmers.

This is not unique to chip cards, but be aware that there are devices that attach to a card reader and can record your credit card number and PIN. Frequently these are found on ATMs, gas pumps, and grocery checkout lanes. There are a number of ways to spot them, but card skimmers do not all look alike. Some are overhead cameras, and others are inside the card reader itself and near invisible. Here are a few of the simplest precautions:

  • Compare to the other card readers in the store or gas station to make sure yours looks the same.
  • Always cover your hand when entering your PIN (but be aware that there may still be a keystroke recording device in the number pad itself).
  • Jiggle the cover over the slot for the credit card and try to lift up the number pad. If it falls off and reveals the real one below, you have just deactivated a card skimmer!

Digital Wallets

Entering your payment information in your mobile phone feels less secure than physically protecting your cards. Who truly has access to your information and how safe is it? In reality, using your phone and a digital wallet app (or a digital wallet card—more on those later) can add an extra layer of protection, but adoption of these technologies has been slow at smaller retailers. Wherever you see the contactless symbols below, you can use a digital wallet app.

Apple Pay, Google Wallet and Square are some of the big players in this space, but more and more digital wallet apps are being launched all the time. These apps allow you to enter your payment information, and when you tap your phone (or other device) at the checkout counter, the app further encrypts your data. Your card number or account number is never stored on your phone, just an encrypted code. This makes it even more difficult to hack the transaction compared to using the card alone, and the person at the checkout counter never actually sees your card number!  Your phone password also provides an extra layer of security.

Some digital wallets also allow the option to use a physical card in conjunction with the app. But why send your payment information from your credit card to an app, then back to a different card? The idea is to combine all your debit or credit cards accounts in one card, and switch between them using an app. This can be helpful if you want the security of digital wallets combined with the convenience of a physical card that is accepted at retailers and ATMs.

DO make sure your phone is locked with a passcode and/or Touch ID, and that you use a PIN for the digital wallet app.

Most people keep so much personal information on their phones without realizing it! Online banking apps, browser history, and recent routes on your GPS app can all give a criminal valuable information about you. Don’t just give it away by leaving your phone unlocked.

DO wipe your digital wallet app if you lose your phone.

Digital wallet apps have the ability to be wiped clean if you lose your phone and someone is able to guess your phone’s passcode. Apple phones can be wiped completely blank so that a thief is not able to access any information at all.

DON’T use public wi-fi.

In your phone settings, select the option to only connect to approved wi-fi hotspots. Even though your payment information is encrypted, this is an extra step of security for all data on your phone! If you must use public wi-fi, a Virtual Private Network (VPN) service can lessen the chances of a hacker being able to access your information.

Peer-to-Peer Payment

Some digital wallet apps include peer-to-peer payments as an added feature, but there are also services available that focus entirely on making it easy to transfer money between individuals. Big players in the space include Paypal, Google Cash and Square Cash, but perhaps the most infamous is Venmo, known for its popularity on college campuses, and its huge security oversights in its early days (which have since been addressed). Gone are the days when everyone had a checkbook!

DON’T assume payment is immediate.

Some peer-to-peer money transfers take a few days to clear, like a check. You will know the transaction went through when you see it in your bank account—don’t go by the balance within whatever app you use.

DON’T provide goods before you receive payment.

It’s very convenient to sell used goods on Facebook, Ebay or Craigslist—but seller beware. Scammers may pretend to buy something, send a payment, and then quickly reverse the transaction during the time it takes for the transaction to clear.

DON’T use checks with people you don’t know or trust.

While checks may be the most convenient universal option if you just don’t want to bother with apps to pay your share of the family vacation, they are the least secure payment method out there because they include your bank routing number and account number.

DO be aware of fees.

For example, while there is no fee to send money via Paypal, there is a fee to receive money. If you’re selling goods online and accepting Paypal payments, that may just be a cost of doing business, but if you’re trying to decide whether to use Paypal or Google Wallet to split your cost of a weekend away with friends, that fee could be a dealbreaker.

DO limit the amount of money in any account you use for peer-to-peer payment.

Most apps do not require you to link a bank account (you can use a credit card) but if you do, they may waive the transaction fee. The best practice is to use a bank account with a low balance (or one that you only fill with the exact amount you want to transfer). It should not have an automatic overdraft link to any of your other accounts. Even if something goes wrong, it’s not going to affect the money you need for living expenses.

DO monitor your transactions carefully.

Even before the age of Square and Venmo, it has always been a good idea to monitor your personal cash inflow and outflow for fraudulent transactions. This is especially important today!

Whatever payment method you use, there is no way to absolutely eliminate the possibility of fraud or theft. But there are many steps you can take to reduce the odds, and we hope this piece helps you do so! If you suspect your security has been breached, please contact your bank immediately to cancel your card(s), reverse any fraudulent transactions, and let us know at Halpern Financial as well. We can help you to take the appropriate steps to protect your personal financial information.

IMPORTANT DISCLOSURE INFORMATION

Please remember that past performance may not be indicative of future results. Different types of investments involve varying degrees of risk, and there can be no assurance that the future performance of any specific investment, investment strategy, or product (including the investments and/or investment strategies recommended or undertaken by Halpern Financial, Inc.), or any non-investment related content, made reference to directly or indirectly in this blog will be profitable, equal any corresponding indicated historical performance level(s), be suitable for your portfolio or individual situation, or prove successful. Due to various factors, including changing market conditions and/or applicable laws, the content may no longer be reflective of current opinions or positions. Moreover, you should not assume that any discussion or information contained in this blog serves as the receipt of, or as a substitute for, personalized investment advice from Halpern Financial, Inc. To the extent that a reader has any questions regarding the applicability of any specific issue discussed above to his/her individual situation, he/she is encouraged to consult with the professional advisor of his/her choosing. Halpern Financial, Inc. is neither a law firm nor a certified public accounting firm and no portion of the blog content should be construed as legal or accounting advice. A copy of the Halpern Financial, Inc.’s current written disclosure statement discussing our advisory services and fees is available for review upon request.