Whether you’re reimbursing your colleague for lunch, or just paying rent, it’s easier than ever to send money electronically. There’s PayPal, Venmo, Google Wallet, Square Cash—you can even send money with Facebook.
But while the popularity of these services have grown, so have potential threats.
“There are numerous risks with digital payments,” says Al Pascual, senior vice-president and head of fraud and security at financial consulting company Javelin Strategy and Research, “Including the takeover of an underlying account by a fraudster, transactions made under false pretenses that digital payments easily facilitate, such as romance scams, rogue payment applications, and malware that intercepts account and payment credentials.”
Mobile payments have nearly doubled since 2011, according to the 2016 Consumers and Mobile Financial Services report from the Federal Reserve.
And while reputable services have security measures in place to prevent such incidents, they’re not foolproof, says Johannes Ullrich, dean of research at infosec training company SANS Institute. “It’s only a matter of time before someone uses these services to hack a bank account,” he says.
People should practice extra caution when sending money electronically. Here’s what experts say to look for.
Favor financial providers
Whenever possible, stick to money transfer services provided by your bank, advises Ben Knieff, senior analyst at research company Aite Group.
“Some of the best mobile payment [options] come from the bank apps themselves and utilize a similar level of security as online banking,” he says. But while these are some of the safest means to send money, a common drawback is that both the sender and recipient need to have accounts with the financial provider.
If these services aren’t an option, comparable alternatives like PayPal are good choices, Knieff says. “There are a lot of non-bank options out there—and many are very good. But they have some of the same limitations that bank-based mobile payments have, [for example if] the recipient must also have the app or go through a process to accept the payments,” he says.
Don’t ignore security settings
Make sure you enable and use the app’s or service’s standard security settings, including using strong passwords, HTTPS encryption, two-factor authentication, or biometrics, Pascual says. These are all options on popular services like Google Wallet, PayPal, and Square Cash.
Reputable services should take additional security measures on the receiver side, too, including verifying the sender’s identity, including name, address, phone number, date of birth, and/or tax ID, plus “some sort of out-of-band verification, such as a phone call, email, or authorization code sent through SMS,” Knieff adds.
Download only official apps
Nearly one quarter of mobile phone users admitted to downloading or installing apps from sources outside their phone’s primary app store, according to the Federal Reserve’s report, which increases the risk of using a malicious app, says Pascual. It’s safer to rely on official app stores.
Avoid unsecured networks
According to the Federal Reserve’s report, nearly a quarter of respondents said they have sent or accessed sensitive data over public Wi-Fi networks—a habit that could set you and your bank account up for disaster, says Sam Rehman, chief technology officer at software security company Arxan Technologies.
Any time you send sensitive information electronically, be wary of the network you use, he advises. Make sure you aren’t connecting automatically to unfamiliar Wi-Fi networks, especially public Wi-Fi. If you’re alerted that a network’s certificate is invalid, do not use the network—it could be a sign that the network has been compromised, Rehman says.
Opt for credit card payments
Some sites and apps use debit card information, while others use credit card information. While credit cards generally charge a nominal percentage to process the payment, they’re usually the safer option.
“Some services, like Facebook, let you transfer money using your debit card information, but don’t charge an additional fee to process it,” he says. “While no fees may be attractive,” he says, it’s harder to recover money if something goes wrong. Credit card companies are required to assume risk for you, and they also monitor your account for suspicious behavior and enforce spending limits.
Know the recipient
Only send payments to people you know. And even then, before sending someone a sizable transaction, test it first with a nominal amount, Ullrich says.
“Once you send money to the wrong account, things can go bad quickly,” he says.