24th Oct 2018

How Secure are the Smartphone Payment Systems We Use in Australia?


You’re in the queue waiting for your coffee, browsing through your Facebook feed, and suddenly it’s time to pay.

Getting out your wallet and extracting a credit card---or worse, cash---from deep inside? These are the actions of the past. In today’s digital-friendly world, you can keep your wallet in your pocket and avoid those few extra seconds of chaotically sorting through your change. Instead, you can simply complete the payment by touching or tapping your smartphone to the terminal.

It still seems slightly futuristic, but in Australia, we’re going mobile, and there are several options available for making payments via your phone. These contactless payments are made by using a “mobile wallet” via your smartphone.

But how secure are these methods? Are there risks to using smartphone payments? And how does it all work?

Let’s take a look.

How Do Mobile Wallets Work?

Mobile wallets function a lot like actual wallets but are virtual, housed inside apps installed on your phone.

Mobile wallets can be used with POS terminals that accept contactless payments. Using technology known as near-field communication, or NFC, the device ‘reads’ your details, and payment is simple and completed in seconds. You make the payment by tapping your device or touching it to the payment terminal. You’ll also need to authenticate the transaction in some way---usually by placing your finger on the fingerprint sensor. You don’t need to pull out your card because your details are contained within the mobile wallet app you’re using. Sounds great, right?

This is all a convenient, effective way to pay for things in the shops, but can the process be trusted?

How Secure is Paying With Your Phone?

At first, it can seem a little worrisome to pay with your smartphone. Can this digital transaction somehow be intercepted or hacked? How is your information stored and transferred? It turns out that mobile payments have a great deal of security built-in, and in some cases, they may even be more secure than traditional payment methods.

According to Jason Soroko, security technologies manager for a financial transaction security firm, digital wallets are quite safe because of the “sandboxing architecture” used by mobile phone operating systems. This isolates individual mobile apps from being infected by malware, which makes using your mobile wallet even a bit safer than doing your desktop online banking.

Data breaches are also a major concern of consumers---and with good reason. Data breaches have seemed to reach significant highs in recent years. But mobile payments have an added layer of security that can eliminate some of that worry. When adding a credit or debit card to a virtual wallet app, a new, virtual account number is generated. This is called tokenisation. When making a payment via your smartphone, the tokenised account number is used instead of the real number, along with a cryptogram that functions as a password. The card network then verifies and processes the payment. What this all means is that your actual card number is never provided to the merchant, giving the transaction greater protection than with a traditional card purchase.

The payment process with a mobile wallet is in itself very secure, too. First of all, paying with a mobile wallet involves authentication, which can be more challenging for a hacker to obtain. While a credit card and PIN could be easier to dig up, it’s unlikely a thief could also steal your fingerprint! Using a fingerprint scanner or facial recognition to authenticate your mobile wallet purchases should offer consumers peace of mind.

Of course, no payment method is ever 100% secure, so it’s always wise to take additional steps to safeguard your data.

To prevent an unwanted party from logging into your mobile wallet app, activate extra security steps on your account such as two-factor or multi-factor authentication. When someone attempts to log in, they’ll need to do multiple steps correctly, such as receiving a text with a login code. This makes it far more difficult to hack into your account and ensures you’re the only one using it.

Take basic security precautions when it comes to your data, as well. Avoid public Wi-Fi networks whenever possible, and if you do use public Wi-Fi, don’t make online payments or do online banking while connected. Avoid providing personal login details over the phone or by other communication tools such as email or messaging apps. And be sure to monitor your accounts for suspicious transactions. For many accounts, you can set up text alerts to let you know if transactions meeting specific criteria (such as over $50) occur. It’s nice to know that some of the mobile wallets have this type of monitoring built in, too, adding additional security to your pay-by-phone transactions.

You can set up alerts to notify you if suspicious activity occurs on your account.

The risks to mobile wallets are currently roughly comparable to the basic risks involved in online banking and online shopping. The danger, however, may be that as new technologies are being developed, criminals could exploit weaknesses in the developing systems. So mobile pay, being the newest option for making transactions, may be more vulnerable to hackers seeking a target. Yet it’s also important to keep in mind that financial institutions are largely moving in the direction of mobile wallets, which means they are investing heavily in the security of these exact resources. So even if threats exist, you can rest assured that new protections are being generated at a rapid rate.

One such possibility involves behavioural biometrics.

This is a more recent development, but it’s being quickly adopted, and may soon make its way into mobile wallet authentication. While standard biometrics for phone security include physical entities such as a fingerprint or your face, behavioural biometrics involve your patterns and habits. Each of us has distinct ways in which we do things, like the way we hold our phones and the speed at which we type on our keyboards. Machine learning can be used to identify and study these patterns, eventually developing a fully unique user profile that matches one’s precise habits and movements. Additional security can be employed to double-check these human actions, too, such as geo-location or tracking a user’s IP address.

This can work with a mobile phone via a myriad of sensors, such as the accelerometer and gyroscope, measuring and recording your behavioural patterns to build your user profile. As a security measure, this could prove extremely accurate and foolproof, and just might be the future in mobile wallet security.

What's Available in Australia?

There’s no doubt that mobile payments are booming. Recent market research indicated that the global mobile wallet market is expected to top $3 billion by 2022. This is an increase from the roughly $600 million seen in 2016.

Australia is moving forward with this technology too. With mobile payments growing in popularity, various options have sprung up in Australia. Here are the mobile wallets that Australians can utilise:

Apple Pay

Apple Pay is a well-known name among mobile payment methods. By the year 2020, Apple Pay is expected to account for 50% of all mobile wallet users, and it’s already massively popular for mobile payments in Australia.

Compatible with most iPhones (and some other Apple devices), Apple Pay is confident in their security offerings. When you make a purchase using Apple Pay, your card details are transmitted via encryption, hiding them fully from the merchant.

Many banks in Australia support Apple Pay, including ANZ, American Express, Bank of Sydney, and ING. Check out the full list here.

To use Apple Pay, you must first set up the app on your device, adding your desired cards to the wallet. Then, to make a payment, open the app on your phone, place your phone’s screen close to the NFC card terminal and touch your finger to your device’s Touch ID fingerprint sensor to authenticate.

Paying with a mobile phone is a common sight in Australia’s shops.

Google Pay (formerly Android Pay)

For those with non-Apple devices, Google Pay might be a good digital wallet choice. Google Pay is available in more than 700,000 locations across Australia, including such stores as Coles, Big W, and Dan Murphy’s.

With Google Pay, you don’t need to use the fingerprint sensor to authenticate your payment. Instead, simply hold your smartphone over any compatible payment terminal. You will need to unlock your phone to engage the payment, but you will not need to open the Google Pay app or specifically authenticate the purchase.

In Australia, Google Pay is supported by a range of banks such as NAB and Westpac. Click here for the full list.

Samsung Pay

Samsung Pay is a great option for those with Samsung-made devices. This mobile wallet has an added feature that others don’t. Rather than solely using NFC technology to complete contactless purchases, Samsung Pay also utilises a technology known as magnetic secure transmission (MST). This process releases a signal that simulates the magnetic strip on a credit or debit card. This means that Samsung Pay could be used to pay for things in virtually any shop, even when an NFC-ready terminal isn’t available.

Samsung Pay is supported by all the same apps as Google Pay, with the addition of Citi. You can browse the full list to see if your bank is included.

Optus Pay

If you’re an Optus mobile customer, you might want to use Optus Pay. This is a unique digital wallet that incorporates some physical items into the virtual payment world. When signing up for Optus Pay, you can get three free accessories to use with the app.

The most intriguing, however, may be the smart coffee cup. This product has to be purchased from Frank Green, but once you’ve got it, you can enjoy the ease (and fun) of paying with your daily cuppa, wallet-free!

Optus Pay only works for transactions not exceeding $100, and the overall account balance must be kept below $500 (the app is linked to your bank account). These guidelines can be helpful, however, in adding a level of security and peace of mind for the service.

To make a payment using Optus Pay, you’ll attach an NFC-enabled sticker to the back of your phone. Simply touch the sticker (or other compatible accessories such as the coffee cup or wristband) to the merchant terminal.

Wouldn’t you prefer to not have to exert the energy required to pull out your wallet to pay for your coffee when you haven’t yet finished drinking it?

Individual Banking Possibilities

Not to be outdone, Australia’s big banks have joined the mobile wallet game. While a few of them are compatible with the more common apps, such as Google Pay and Apple Pay, their own proprietary mobile wallet options are also available for Australians.

CommBank PayTag isn’t compatible with the popular mobile wallets, but they do offer their own version. For Android phones, users can download the CommBank mobile app and pay at NFC-ready terminals. For purchases under $100, simply tapping your device enables payment, while purchases over $100 require the input of a PIN. For CommBank customers with iPhone, PayTag is available. This is a small electronic sticker that can be affixed to the back of your phone, enabling you to make Tap & Pay purchases in stores.

NAB Pay has a similar setup. Their NAB Pay app works with Android devices and allows you to pay either by pressing a button in the app or by unlocking your phone (you can choose your preferences in the app’s settings). iPhone users can utilise PayTag, adding a sticker to the back of their device.

Will You Use Your Phone to Pay?

Knowing a bit more about what goes into the security of mobile wallet payments, will you take advantage of the efficient payment method? Ultimately, it seems it’s no less safe to pay by mobile than it is to pay with your physical credit or debit card. And while security risks do still exist (for any payment method), indications show that the consumer world is increasingly going mobile. Will you join?
