Smartphones have drastically made life simpler. It changes how we shop and buy, Mobile payments are more quick and convenient, it has now become the trend. However, mobile payment security concerns have sounded the alert for us. Recently, some iPhone user in China is losing money due to a potential loophole in Apples’s login system.
Chinese iPhone users have complained that their money has been stolen through online payment services after their Apple account was allegedly hacked by cyber attackers. Hundreds of people claiming to be the victims of the Apple ID breach. Some even claimed to have lost as much as 10,000 RMB(about 1,440 US dollars).
Many users uploaded screenshots of online payment notifications online saying, “I never buy these.” Some victims asked Apple for a refund but not all got the money back.
To prevent iPhone users from suffering financial loss through their online payment systems, Alipay recommended all iPhone users to disable or lower the password-free quota for mobile payments.
Go to Alipay app, click on ME > Settings > Payment Settings.
Click on Free Payment/Auto Debit > App Store, Apple Music & iCloud > security monthly quota, and then turn off or set a lower monthly quota that meets your expectations.
Although Alipay’s password-free payment has opened the handy door for the criminals, the root cause of this incident is ultimately due to the user’s Apple ID account and password being hacked. If we are able to protect accounts securely enough, the criminals will not have any chance to steal your data and money.
So you should take precautions, such as using strong passwords and use different passwords for your accounts and apps and ensuring you’re using real apps versus malicious ones.
In addition, you should add an extra layer of security to your account by enabling two-factor authentication for your Apple ID. To do this, go to Settings > iCloud. Tap your Apple ID > Password & Security. Tap on Setup Two-Factor Authentication > Continue. Then follow the onscreen instruction to complete it.
Once you turn on two-factor authentication, you can access your account only through devices you trust. When logging in to a new device for the first time, it is asked for entering both the password and the six-digit verification code that is automatically displayed on the trusted device.
As a result, even if your account password has been compromised and there is no verification code, criminals cannot log in to your account on the new device.
The Main Mobile Payment Attacks You Should Take Precautions
Mobile payment attack techniques continue to evolve. There are many attack points, but the most critical we see are summarized in the table below:
Best practices for protecting Mobile Payment information you should master.
Download Only Trustworthy Apps
Download mobile apps only from official app stores. Ensure that phone settings are set to prevent app downloads from unofficial stores.
Only Use a Safe, Trusted Payment Platform
If you’re going to add your payment information in your phone, use the software that came with your phone or a trusted payment provider. Reputable mobile payment platforms don’t store your actual credit card detail, which can ensure private data and transactions are secure when using mobile apps.
Avoid making mobile payments over public Wi-Fi
Public Wi-Fi is always dangerous. Anytime you send data over an unencrypted network, it’s possible for hackers to spy on that data. If you’re setting up a mobile wallet or even using your wallet while connected to Wi-Fi, it’s possible for hackers to access your phone and the cards you’ve stored.
Avoid this risk by avoiding entering any personal information on your phone while on public Wi-Fi. Or, use a VPN when connecting to unsecured networks.
If something about the payment transaction appears to be suspicious, you should consider making the payment later or in different ways.
If implemented properly, these protection techniques will dramatically decrease the risk that your mobile payment app will be compromised. They could also prevent you from squandering profits from your holiday-related mobile transactions to cover the cost of potential data breaches.