Mobile payment apps like the one from Square are already beginning to change the landscape of how we do business. With a mobile payment app that can allow any smartphone to swipe credit cards and accept credit or debit card payments, more merchants are able to change their point of sale, and many micro businesses are able to accept personal credit cards when it would have been too expensive for them to do so before.
While mobile payment apps can be convenient, they may also be somewhat risky. The Open Web Application Security Project lists several places where the security used in these mobile payment apps might break down. Here are a few potential problems with these apps and the devices that use them:
- They are connected through open WiFi networks. Whereas other mobile point of sale credit card machines are connected to their own secure network, smartphone mobile payment apps use an open WiFi network that other phones and laptops can access. While it may be difficult to get the payment information through a network, a skilled hacker conceivably could.
- The actual hardware could also be corrupted and firmware could be used to root the device. An article in the Wall Street Journal details how some mobile payment apps could store unencrypted information on the smartphone itself. While it can be difficult to get at this information, it is possible, especially if a hacker has the actual phone in hand.
- Some apps have their own vulnerabilities. The world of mobile applications is far from perfectly secure, and some apps include malicious code that can allow access to data and device sensors.
While most people who use mobile payment apps have not had issues with them yet, the possibility still remains. Obviously, these apps deal with very sensitive information that needs to be protected as much as possible.
How to protect yourself
If you’re a vendor who wants to use mobile apps to change the way point of sale works at your business, there are several things you can do to protect yourself and your customers. Here are a few options:
- Use a dedicated, private WiFi connection for all of your point of sale devices, and use a controlled set of smartphones for taking payments. These two simple steps will go a long way towards protecting the information from cash back credit cards that customers use for payment in your business.
- Be careful who you trust. The second most important thing you can do is to choose the mobile payment app you use very carefully. Only work with vendors that have good reputations, and check out information from the PCI Security Standards Council on any mobile apps you plan to use.
While mobile payment apps can make accepting credit cards and debit cards from your customers much easier, they can also create more problems of their own. Taking steps to protect yourself and your customers and being aware of potential problems you might have with mobile payment apps can help you ensure that you protect your business information and the information of your customers as well as possible.
Daniela Baker is a small business blogger at CreditDonkey, where she helps web- and tech-savvy entrepreneurs apply for credit cards online.