Better Understand Where Your Data Lives
Above and beyond everything else, common sense dictates: If there’s enough money in the bank, someone will try to steal it. 7-Eleven only carries $20 cash at night for a reason.
Your payment data should solely be stored on your phone and not in someone else’s database with tens of thousands of other credit card numbers. It’s hard to steal from someone if there’s no money in the safe. This is the only thing that truly deters hackers from going after a big score.
Keeping your payment data solely in your phone is equivalent to keeping your credit card in your wallet.
For consumers, you can usually find out where data is being stored by perusing a website carefully or reading well-researched articles and reviews. Journalists are doing a better and better job of ferreting out where your data lives, and how it is being passed around.
For app developers and payments services, keeping the data out of their servers absolutely involves more work and clever engineering. It’s hard to avoid any third parties (whether for processing or hardware), because those third parties can make things a lot easier on a startup. It’s worth it to start down this path if you haven’t already, since consumers will increasingly demand it.
Be Confident the Data’s Encrypted
The very best approaches to mobile security never send your payment information in any way that an enabled hacker in proximity could intercept your data.
It should be a priority to have industry-standard encryption. Customer smartphones talk directly to the POS. Ideally vendors and companies won’t even need this extra data in the first place.
Your Cheat Sheet
In sum, the stakes are high when the smartphone replaces the wallet. We have to rethink where the data lives and who has access to it, convenience notwithstanding. We’re all responsible for asking the hard questions to be informed consumers when we support a carrier, manufacturer, vendor network and technology.
Here’s your cheat sheet for owning your mobile transaction financial health. I urge you to ensure that your credit card information is:
- Only sent to the venue’s POS system, rather than passing through third party services.
- Only stored on your phone, where it’s safest, and not in the cloud.
- Always encrypted when it is sent to the POS system, where the transaction is taking place.