You might just be getting used to inserting your EMV chip card into the reader instead of swiping the magnetic strip on the back, and now security experts are saying there is an even more secure method of payment — mobile payments on your compatible smartphone or smart device.
Mobile wallet apps like Apple Pay®, Google Pay™ and Samsung Pay store your credit or debit card information on your smartphone or smart device so you don’t even need to carry your card. The apps use a technology called Near Field Communication (NFC) to communicate between your device and the payment terminal. When you make a purchase at a store that accepts mobile payments, you just need to tap your phone on the payment terminal or bring your phone near it to complete the transaction. Not all terminals are NFC compatible. Samsung Pay uses an additional technology called Magnetic Secure Transmission (MST), which mimics the magnetic strip on a physical card, so Samsung Pay is accepted even on older terminals that don’t normally accept mobile payments.
Paying with your phone sounds really convenient, right? But can using your phone to make payments really be more secure? Actually, yes.
- Your card number is not stored on your phone. Mobile wallet apps generate a virtual account number for your card, and the app does not store or even have access to the original card information. The merchant also will never see your credit card number, name, zip code or security code on the back of the card, so there is no personal information that could be stolen in a data breach.
- Mobile payment systems use tokenization. Tokenization is the security process through which your card information is kept safe. When you add a card to your mobile wallet, the information is encrypted and sent to Apple, Google or Samsung servers and also to the card issuer’s payment network (e.g. Visa® or MasterCard®) for approval. The app requests a virtual account number, or token, for each card and then encrypts the tokenized card. Some card issuers also require a one-time password to verify that you are the cardholder before they will allow you to add the card to your mobile wallet. This helps prevent someone from fraudulently adding your card to their mobile wallet.
When you use your mobile device for payment, the mobile wallet app sends the tokenized card number and a cryptogram, a transaction-specific dynamic security code that acts as a one-time-use password. The card network then verifies the cryptogram and matches the token with your actual card number and processes the transaction.
- Mobile wallets use biometrics. Both Apple Pay and Samsung Pay require you to authenticate your purchase before you make it. Apple Pay requires a fingerprint, Face ID or PIN. Samsung Pay requires an iris scan, fingerprint or PIN to confirm the purchase. Google Pay only requires your phone to be unlocked with your fingerprint, iris scan, password, pattern or PIN. However, Google Pay gives you the option to add a fingerprint scan or PIN just prior to the purchase if you choose. If you disable your phone’s screen lock, Google Pay automatically removes your virtual account number from your device for your protection.
This secondary security step makes it even more challenging for someone else to use your mobile wallet. It’s very difficult for someone to steal your phone and your fingerprint or iris scan. This is a level of security that a physical card just can’t match.
- What if your phone is lost or stolen? If your phone is lost or stolen, you can remotely lock your phone and remotely wipe it, which will remove your mobile wallet.
You can store multiple credit and debit cards in your mobile wallet, including prepaid cards and gift cards. You also may be able to store loyalty cards and things like event or plane tickets.
Not only can Apple Pay, Google Pay and Samsung Pay be used to make payments in stores, but they also can be used on some websites and in participating merchant apps. You can also use them to split checks or send a payment to a person.
While mobile payments are here, it’s important that you still hang on to your physical card. Mobile payments aren’t accepted everywhere yet, and mobile wallet apps won’t work on older mobile device operating systems.