Smartphones have drastically made life simpler. It changes how we shop and buy, Mobile payments are more quick and convenient, it has now become the trend. However, mobile payment security concerns have sounded the alert for us. Recently, some iPhone users in China are losing money due to a potential loophole in Apples’s login system.
Chinese iPhone users have complained that their money has been stolen through online payment services after their Apple account was allegedly hacked by cyber attackers. Hundreds of people claiming to be the victims of the Apple ID breach. Some even claimed to have lost as much as 10,000 RMB(about 1,440 US dollars).
Many users uploaded screenshots of online payment notifications online saying, “I never buy these.” Some victims asked Apple for a refund but not all got the money back.
Tips to prevent iPhone users from suffering financial losses
To prevent iPhone users from suffering financial loss through their online payment systems, Alipay recommended all iPhone users to disable or lower the password-free quota for mobile payments.
1. Go to the Alipay app, click on ME > Settings > Payment Settings.
2. Click on Free Payment/Auto Debit > App Store, Apple Music & iCloud > security monthly quota, and then turn off or set a lower monthly quota that meets your expectations.
3. Although Alipay’s password-free payment has opened the handy door for criminals, the root cause of this incident is ultimately due to the user’s Apple ID account and password being hacked. If we are able to protect accounts securely enough, the criminals will not have any chance to steal your data and money.
4. So you should take precautions, such as using strong passwords and use different passwords for your accounts and apps, and ensuring you’re using real apps versus malicious ones.
5. In addition, you should add an extra layer of security to your account. For more information, see enable two-factor authentication for your Apple ID. To do this, go to Settings > iCloud. Tap your Apple ID > Password & Security. Tap on Setup Two-Factor Authentication > Continue. Then follow the onscreen instruction to complete it.
6. Once you turn on two-factor authentication, you can access your account only through devices you trust. The first time to logging in to a new device, it is asked for entering a password and the verification code.
7. As a result, even if your account password has been stolen, criminals cannot log in to your account on the new device because there is no verification code.
The main mobile payment attacks you should take precautions
Mobile payment attack techniques continue to evolve. There are many attack points, but the most critical we see are summarized in the table below:
Best practices for protecting Mobile Payment information you should master.
Download Only Trustworthy Apps
Download mobile apps only from official app stores. Ensure that phone settings are set to prevent app downloads from unofficial stores.
Only Use a Safe, Trusted Payment Platform
If you’re going to add your payment information in your phone, use the software that came with your phone or a trusted payment provider. Reputable mobile payment platforms don’t store your actual credit card detail, which can ensure private data and transactions are secure when using mobile apps.
Avoid making mobile payments over public Wi-Fi
Public Wi-Fi is always dangerous. Anytime you send data over an unencrypted network, it’s possible for hackers to spy on that data. If you set up a mobile wallet, or even use a wallet while connected to Wi-Fi, hackers may gain access to your phone and stored cards.
Avoid this risk by avoiding entering any personal information on your phone while on public Wi-Fi. Or, use a VPN when connecting to unsecured networks.
If something about the payment transaction appears to be suspicious, you should consider making the payment later or in different ways.
If implemented properly, these protection techniques will dramatically decrease the risk that your mobile payment app will be compromised. They may also prevent you from wasting profits from holiday-related mobile transactions to pay for potential data breaches.