With the holiday season fast approaching, you can expect plenty of shopping and meals out with friends and family. What's the safest way to pay? Cash is convenient, but if you lose it, there's no getting it back. Credit cards are better protected and even recoverable, but they're vulnerable to skimming and scanning scams, and you can't use them to pay friends (unless your friends carry around Square Card Readers).
Mobile payments might be a more secure option for you, such as Apple Pay or Android Pay, which let you pay using your phone -- unlike a credit card, if your phone falls into a stranger's hands, they can't use it to buy anything or see your account info. A number of third-party payment apps offer encryption and various protections, though of course there is no such thing as a 100 percent secure app. "I do believe these mobile payment applications are fairly secure, along with any underlying technologies they rely upon, such as Near Field Communications protocols," said Trend Micro expert Paul Ferguson. "However, even if the apps themselves are functionally secure, there are a lot of other related security risks that can be detrimental. Again, the entire mobile technology landscape is very immature in its security stature."
That said, if you're in the market for a payment app, Ferguson recommends choosing one that protects against data leakage, data corruption, and data theft. Here are six mobile payment apps with built-in security features.
LevelUp is a highly rated payment app by App Store users that works at 14,000 businesses nationwide. According to the app's security page, LevelUp is 100 percent PCI compliant, which means that the environment where your card numbers are stored is secure. All transactions are encrypted, and LevelUp sends your financial info to BrainTree, a trusted PayPal service, for secure storage. For transactions, the app relies on a triple token system, which means that the data stored in the QR codes used to complete transactions changes three times during processing and is never your credit card number. For added protection, you can PIN lock your account under Settings. If your account is compromised or your phone goes missing, you can perform an Instant Code Reset, which de-authenticates your previous code, regenerates a new one, and logs you out of all devices using LevelUp.
Whether you're sending money to a friend or paying for a business transaction online, PayPal is a widely trusted method. You can even use PayPal at some brick-and-mortar stores -- discover where PayPal is accepted in your area. According to PayPal's site, the app maintains your security in a number of ways. All sensitive data is encrypted and guarded with multiple layers of hardware and software. Every transaction is followed by an email receipt. The PayPal Security Key adds two-factor authentication with a one-time PIN sent to you via SMS that you must enter with every log-in. Register your mobile phone for this service at paypal.com.
Add your bank account or debit card and Google Wallet will let you send or receive money. Transfer the money to your bank or spend it with the Google Wallet card. According to Google Wallet's FAQ, the company builds certain features into the app to keep it secure, starting with an industry-standard level of data encryption and the ability to set a timeout PIN. Set one by going to the app's navigation menu on the left, tapping Settings, Security, then Auto-lock. Enter your Payments PIN and choose a timeout duration. If your phone is missing, you can stop the app's access to your device at myaccount.google.com. If you lose the Wallet card, just lock it with the app.
According to Venmo's security page, the peer-to-peer payment app uses bank-grade security systems and data encryption and storage to protect your personal info and prevent unauthorized transactions. You may set a PIN for added security. On iPhone go to Settings, then Passcode Lock to choose a four-digit PIN. On Android, go to Settings, then Security Settings, and then choose PIN Code or Password. Going forward you'll be prompted for your code every time you enter the app. If your phone is missing, you can suspend it from accessing your account by heading to Security in your online account settings, then Sessions, then tap Remove next to your missing device, which will log out any active session. Venmo's two-factor authentication site will ask to send a code to your phone if you've never logged in from this device before. You may then use your bank account number as authorization.
Facebook added a payments component to its Messenger app in the summer of 2015, enabling users to send and receive payments to friends via debit card. As an added layer of security, Facebook gives you the option of enabling a special PIN or your Facebook password to send or receive money. Go to Settings, then Payments, then PIN to turn this feature on. Your financial info (card or PayPal info) is encrypted over secure servers with layers of hardware and software protection, and it's never shared with any of your friends, according to Facebook's Help Center. You can always remove your debit card between payments if you're nervous about Facebook storing it. Under Settings, go to Payments, then Payment Methods, select the card and tap Remove Card.
According to the Square Support Center, Square Cash affords peer-to-peer payers the same high-level security that businesses have long enjoyed on Square Register. This comes in the form of 128-bit data encryption, fraud detection, and card-processing systems that adhere to the PCI Data Security Standard. Tap your Settings icon on the top left, and under Security, toggle Security Lock on to require your card's security code each time you send cash. For added security, you can choose to receive a confirmation text message or email after every successful Cash payment. Under Settings, just enable Push Notifications under Notifications & Receipts.