WASHINGTON — QUESTION:
Is mobile pay safer than paying with your credit card?
Yes, the Verify team spoke with three cybersecurity experts who all agree, mobile pay apps like Apple, Google and Samsung have more sophisticated safety features.
Evan Francen- CEO- FRSecure
Joesph Steinberg- independent cyber security expert
Mike Splichal- Senior Program Manager- Merchant Risk Council
Sixty-five percent of smartphone users in the United States are still reluctant to try mobile wallets because of security concerns, according to a survey from Statistica.
Some people argue that paying with your phone is actually safer.
A viewer asked us to Verify: Is mobile pay safer than using your credit card?
To get our answers we spoke with three cyber security experts with more than 50 years of combined experience.
They all agreed, paying with your phone is safer.
"They’re more secure, because your credit card information is never really transferred to the merchant," Evan Francen, CEO at FRSecure, said.
Here’s how it works: When you set up Google, Apple or Samsung Pay for the first time, you enter your credit card information so it can access your money. After that, your credit card numbers are never used again.
Every time you pay, the app creates a new token -- a random, unique, one-time code -- instead of entering your card’s actual digits.
"It uses something called 'tokenization,' which really takes a cryptic graphic representation of your credit card and sends that instead," Francen said.
Cybersecurity advisor Joseph Steinberg agreed.
"If there is a breach at the company that you have [mobile] paid, your credit card number is not going to be stolen," Steinberg said. "They’re stealing a token number, which is meaningless since it can’t be re-used."
So how does that compare with that new chip technology on new credit cards?
It operates using a similar tokenization technology.
"The EMV chip on newer payment cards makes them almost impossible to counterfeit -- the chip is designed to generate a one-time use number for a purchase," Mike Splichal, Senior Software Manager at Merchant Risk Council, said. "Even if a thief somehow 'skimmed' the one-time use number, further purchases could not be made. This has significantly reduced counterfeit fraud at physical points of sale."
The problem is that in many cases, Splichal explained, store customers are still asked to "swipe."
"Many gas stations still do not support inserting cards with EMV chips, and customers must still swipe," Splichal said. "Gas stations are not required to use EMV chips until next October."
Mobile pay’s security is sill more sophisticated than a credit card chip, Steinberg said.
"The chips...use a one-time number when they preform the transaction, so that's more secure than using the number that you would type in off the front of the card," Steinberg said. "The mobile apps use an even more advanced technology where they're using a one-time number."
So yes, we can Verify that in terms of fraud, mobile pay is safer than paying by credit card.
Now, it comes with disadvantages. You could lose your phone, rendering you without form of payment, or run out of battery at a store.
Mobile apps are still not recognized forms of payment on all websites and apps, which is another drawback.
"When you're making a payment online, you're doing it with the 15- or 16-digit credit card number right off the face of the card," Steinberg said. "So you're not benefiting from any of these new technologies."
Some credit cards offer "virtual card numbers," which uses similar tokenized technology to help fight e-commerce fraud. If your bank offers it, Steinberg said it might be a good idea to use one when making purchases on sites you've never visited.