Mobile payment is gaining ground. Apple Pay, PayPal or Paylib can be used to pay for purchases at merchants or online, from an app or website. But what about security?
According to a recent study carried out by the online platform Adyen, purchases paid from mobile devices in contactless mode or from an e-commerce app have increased by 75% in the last 18 months, and now represent almost 15% of online purchases in Europe and 14.5% in France. Like PayPal, these mobile payment services act as intermediaries and spare you from exposing your bank details.
Your credit card information remains confidential
When you make a purchase using Apple Pay or Lydia, these mobile payment services generate a one-time token made up of a number specific to your phone and a transaction code. The advantage of this method is that your bank card data is stored in a virtual safe that is, in theory, tamper-proof. It is neither transmitted to merchants nor sent to the payment system's servers.
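The token mechanism described above can be sketched as follows. This is an added example, not code from Apple Pay, Lydia or any real payment network: it is a simplified model in which `TokenService`, `make_token` and the HMAC-based transaction code are all hypothetical names and design choices.

```python
import hashlib
import hmac
import secrets


class TokenService:
    """Hypothetical network-side service: the only place the card number lives."""

    def __init__(self):
        self._vault = {}  # device number -> [card number, device key, last counter]

    def enroll(self, card_number):
        """Register a card; return the device number and key kept on the phone."""
        device_number = "".join(secrets.choice("0123456789") for _ in range(16))
        device_key = secrets.token_bytes(32)
        self._vault[device_number] = [card_number, device_key, 0]
        return device_number, device_key

    def authorize(self, token):
        """Check a token relayed by the merchant; return (approved, reason)."""
        entry = self._vault.get(token["device_number"])
        if entry is None:
            return False, "unknown device"
        _card_number, device_key, last_counter = entry  # card goes to the bank only
        if token["counter"] <= last_counter:
            return False, "token already used"
        expected = transaction_code(device_key, token)
        if not hmac.compare_digest(expected, token["code"]):
            return False, "bad transaction code"
        entry[2] = token["counter"]  # burn the counter: the token is one-time
        return True, "approved"


def transaction_code(device_key, token):
    """HMAC binding the code to this device, merchant, amount and counter."""
    msg = "|".join([token["device_number"], token["merchant"],
                    str(token["amount_cents"]), str(token["counter"])]).encode()
    return hmac.new(device_key, msg, hashlib.sha256).hexdigest()


def make_token(device_number, device_key, merchant, amount_cents, counter):
    """Phone side: build the one-time token handed to the merchant."""
    token = {"device_number": device_number, "merchant": merchant,
             "amount_cents": amount_cents, "counter": counter}
    token["code"] = transaction_code(device_key, token)
    return token
```

In this model the merchant only ever handles the token: replaying it or changing the amount makes `authorize` refuse the payment.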
1. Check the amounts before validating the payment
If you are a careful consumer, you probably have the reflex to check that the amount displayed on the CB (bank card) payment terminal is the amount you must pay. This precaution also applies to a mobile payment made in a store or on a website.

2. Take a look at your surroundings
The way mobile payment platforms work prevents sensitive data from being exchanged between your phone and the terminal used by merchants. However, several experiments have highlighted security flaws in contactless communication technologies such as NFC (Near Field Communication) and the relative ease of intercepting data exchanged in this way. Pay attention to your surroundings, and only make mobile payments in conditions you trust to be secure!
3. Correctly configure authentication
It's almost impossible for someone to use a mobile payment service without your knowledge, unless you are physically forced to complete a transaction. The security of the system in fact rests on the protection method chosen to authenticate purchases.

With fingerprint recognition, you have a mechanism that is relatively reliable (the risk of error and false recognition is of the order of 1 in 50,000) and which does not slow down the transaction. But not all smartphones have a sensor compatible with contactless payment platforms. In that case, only a password protects the transaction, so remember to choose a complex combination and change it regularly.
4. Are the amounts paid capped?
When you pay for a purchase via an online payment platform on a website or in an app, the only limit is the limit on your credit card, because the transaction is subject to an authorization request to your bank. In the case of contactless payment at a merchant, the conditions depend on your bank and the payment terminal (TPE) used by the store. Some older TPEs limit the debit to €20, as is the case for contactless payments with a bank card (the ceiling was increased to €30 on January 1, 2018). If you are a BRED customer, be aware that this bank has set a ceiling of €300 for contactless Apple Pay payments.