Mobile Payments Offer Convenience If You Keep Your Email Safe

We took a close look at the P2P digital payments boomlet during our March 26, 2015 broadcast, and guest Josh Constine, senior writer at TechCrunch, took the time to explain what we learned during the conversation. 

People are paying for things with their phones. Should you? Mobile payments can be faster and more flexible than cash, and even if you lose your phone you won’t lose your money. But putting your payment information into an app means you need to protect your email password more than ever. Without some of the traditional fraud protection and customer service of credit cards and banks, paying by phone could turn into nightmare if you’re not careful.

The top players in mobile payments today are PayPal and its acquisition Venmo, Apple Pay, Google Wallet, and now Facebook Payments in Messenger. Each offers distinct advantages and risks.

PayPal is the veteran of mobile payments, offering ways to send money to both friends and merchants from your phone for years. The friend-to-friend payments app Venmo that PayPal acquired alongside online payment provider Braintree is perhaps the simplest way to settle debts with friends. Just type in a friend’s phone number or email address, a dollar amount, and what you’re reimbursing them for, and the money comes out of your credit card, debit card, or bank account and into theirs.

But earlier this year, Venmo was called out for subpar security features. It didn’t notify users if a random new email address was added to their account or their settings were changed, leading some people to unknowingly have their accounts stolen and money taken from them. With a only small team, Venmo doesn’t have a hotline you can call to report problems, and many victims of fraudulent transfers are left hoping someone responds to their email. Only after bad press did Venmo enable new security options like two-factor authentication, where your phone gets texted a special temporary password when you try to use your account. Still, PayPal itself is relatively secure as long as you protect your account name and password. The weak link is humans, not technology.

Apple barged into the payments space with Apple Pay, making it simple to pay brick-and-mortar retailers with a tap of your phone and a fingerprint. Unfortunately, Apple Pay also provides crooks a way to use credit card info bought online for cheap through the black market to make in-person purchases. Google Wallet is more concentrated on being your online payment passport, letting you quickly pay without entering all your payment and shipping details.

And most recently, Facebook entered the payments space by allowing you to pay friends through a debit card on its Messenger chat app. For now it’s only available in the US for peer-to-peer payments, but there’s speculation that it could eventually help families of migrant workers avoid extortionary remittance fees for sending money across international borders. Facebook’s payments capabilities could blossom into an easy way to make commerce purchases straight from its News Feed.

All these companies have strong reputations for technical security. Hackers have had little success directly breaking into their servers to steal people’s payment info. But what people need to understand about mobile payments is that they make your email password the key to your castle. If you use mobile payments, you should enable two-factor authentication, choose a complex password, and make sure to use different passwords for different websites. As long as you protect yourself, mobile payments could let you leave your wallet at home.
-- Josh Constine, Senior Writer at TechCrunch