Payment Apps, can they be trusted?


21/09/2018


The world is becoming more fast-paced with each passing day, and payment apps have become more common. In this new environment, technology is advancing quickly to meet the demands of individuals who need help achieving their daily tasks and long-term goals. Online payments are rapidly becoming one of our fastest-evolving industries, aiming to make the transfer of money from one person to another more convenient.

Digital banking and payment apps are rapidly rising in popularity. People no longer wish to carry around cash and are happy to use their mobile devices to send and receive money. However, as with anything new that comes along, we have to balance the convenience against the risk and ask ourselves one very important question: is it safe?

For me, the answer is: not safe enough. That does not necessarily mean you shouldn’t use them, but we all know that a single bad user experience with security can be the difference between a company having a trusted application or a costly breach. A lot of what we talk about in security is hypothetical, so I would like to offer my own real-life lesson on why data security knowledge is vital.

The first payment app I signed up for was PayPal. I was using it to buy some rock climbing equipment from a third-party seller who processed all their payments through this service. The bad actor who eventually managed to gain access to my PayPal account did so through a very simple and common method. The attacker first gained access to my weakly protected social media account after doing some basic research on my publicly viewable profile. They attempted an informed brute force attack and managed to gain access to my account and password. At the time, I was blissfully unaware of what constituted good data security and had the same password and email for almost every online account (which is no longer the case, sorry hackers). With my sensitive data in their possession, the attacker was able to infiltrate my PayPal account and attempted to steal the money on my stored payment card info.

It ultimately transpired that blind luck was to be my savior. The payment card data I had stored on my PayPal account was out of date, and this was the attacker’s downfall. I received a notification from both my social media provider and PayPal explaining that there was some unusual login activity originating from a country that I had never visited, which raised the alarm for me that something was amiss.

The attacker made a very bold move by emailing me directly, with a fake email from PayPal requesting that I update my payment card information immediately. Luckily, I spotted some spelling errors that caused me to become suspicious. The email read something like this:

“Please do be sending your updated pay card infromatoin immedietly to PayPal for reviewing,

Thank you,

Rajesh,

Pay Pal team.”

Nice try ‘Rajesh’. But you won’t be getting access to my ‘infromatoin’ anytime soon.

At this point, I was relieved and reported the fraudulent activity to PayPal, who swiftly deleted all my data as per my request.

The main lesson to take away from my experience is to use the convenience of payment apps with caution and skepticism. Coupled with good cybersecurity methods and a secure password, payment apps can be very useful in our fast-paced world.

The transit of any information through wireless means always carries a certain degree of risk, and financial data is no different. This valuable information is highly sought after by cybercriminals, so it is safe to assume that new payment card apps that may not have the most rigorous security standards in place are likely in their crosshairs.

Yet we continue to use these new applications to spend our hard-earned money. Why? Convenience. You no longer have to carry cash in your pocket that is susceptible to being stolen by more conventional means. We trust the digital realm to take better care of our money, without fully understanding the risks and how it all works.

But the question remains: how safe are these payment apps? The answer depends on you and the platform you choose. There are myriad online payment apps available, so it is important to choose one that has sufficient security in place to protect your data. An example of this would be an app that offers the option to enable two-factor authentication when making a payment. This adds an extra layer of security to your transaction and helps to ensure that you are the only one who can spend your money.

Would you trust a bank to take care of your money if it left the vault door unlocked? No. So why would you trust an app that was equally careless on the digital side?

Niall Rooney
