Monday, 21 September 2020

[Study] 52% Aren’t Concerned With Payment App Security, Yet Financial Data Is at Risk

 moneycrashers.com

Sometimes it doesn’t take long for brands to maneuver their way into our vocabulary. Multimillion-dollar businesses become interchangeable with verbs. How many times have you heard “Google it” or “I’ll Venmo you”?

For many people, that can lead to trust beyond question — even when it means allowing access to one of their most confidential assets: money.

We conducted a survey to find out how Americans perceive payment apps. We found that although 90 million Americans use payment apps, most people aren’t concerned about the security of them.

Some key findings include:

  • More than half (52%) of people aren’t concerned with the security of payment apps.
  • Only 19% of people read payment apps’ privacy policies.
  • Almost one-third (30%) of people have decided against downloading a payment app due to security concerns.

Half of People Aren’t Concerned About Payment App Security

Mobile payment apps have introduced a convenience like no other. If you forget your wallet, paying for your bill is as easy as swiping your smartphone or smartwatch. But while many people have been quick to adopt this new way of payment, not all have looked into what kind of data they’re disclosing by using it.

In fact, our survey found that 52% of respondents weren’t concerned about the security of the payment apps they use.

1 concerned about security

That’s an incredibly high number, considering person-to-person apps like PayPal, Venmo, and Square are not fraud-proof. In fact, Venmo reported a $40 million loss in fraud reimbursements during the first quarter of 2018 alone.

What’s especially concerning about these numbers is that most payment app scams rely not on complicated platform hacks or malware, but on simple lack of awareness. One common digital wallet scam involves an “accidental payment” followed by a quick “oops” message requesting it be returned. Later, the victim finds out the original payment was made with a stolen card, and the stolen funds will be removed from the victim’s account, not the fraudster’s.

And while 20% of people said they’ve had security concerns, they also said those concerns don’t prevent them from continuing to use these apps.

Few People Read Privacy Policies

A privacy policy statement shares how a company will collect, store, protect, and use the personal data you share with them. Consumers are meant to read them in order to make informed decisions. However, sometimes they’re too difficult to understand, leading people to skim them or skip reading them altogether.

2 read privacy policy

Why is it important to read the privacy policy statements of payment apps? Even more so than other platforms, digital wallets often expose personal information to the public — and that personal information can land you right in the center of a fraudster’s target.

A coder and privacy researcher, Hang Do Thi Duc, dug into the security issues with Venmo, revealing the scary details that anyone can learn through the personal information people share on the app. The text and time stamps of transactions people make create a window to their lives. For example, by examining the transactions of a single food cart vendor, Do Thi Duc was able to identify the vendor’s most frequent patrons, how often they made purchases, and at what time of day they could be expected to visit.

Depending on the context, this information can expose users to everything from marketing schemes to theft, assault, and blackmail.

Security Isn’t Top of Mind When Downloading New Payment Apps

While downloading an app can take mere seconds, the consumer’s decision to download it in the first place can take even less time. We asked consumers if they’ve ever decided against downloading an app due to security concerns, and only 31% said yes.

3 decided against downloading

Almost half (43%) of respondents said they haven’t decided against downloading a payment app due to security reasons, while 26% of people have never considered using payment apps.

Ideally, users should be deciding whether or not to download and use a payment app only after reading the privacy policy and determining that the app is not putting their information security at risk. At a minimum, users should read enough of the privacy statement to learn:

  • What information the app is collecting
  • Whether your information will be used for secondary purposes (such as marketing)
  • Whether your information will be shared with third parties
  • What the app’s policy is on sharing information with law enforcement
  • Whether information is protected in all phases of collection and storage
  • Whether the app allows users to delete their data
  • Whether the app uses personal information to build user profiles for non-primary use

Skimming or searching the privacy statement for the terms bolded above can help users locate the most important information in the policy without reading the full document word for word. By answering these questions, users can learn whether an app will sell their data, use it for marketing and advertising purposes, or store it in a way that leaves it vulnerable to hacks.

How to Make Your Payment Apps More Secure

Experts say that if you’ve downloaded one of these apps, there are precautions you can take to make your information more secure, including:

  • Read the Privacy Policy. Learn how your information is being collected and how marketers or advertisers can use it.
  • Use a Password Generator. Password protection is crucial in securing your financial information. Use a password generator to come up with and protect your password.
  • Enable Two-Factor Authentication. Go a step further with password protection and configure an extra layer of security with two-factor authentication.
  • Secure Your Lock Screen. Don’t stop at a secure login to the app. Make sure your phone is also locked so your information isn’t compromised if your phone is lost or stolen.
  • Make It Private. Although it can be amusing to use Venmo as a social network, doing so can compromise your security. Switch your payment settings to private so your payment history and time stamps aren’t available publicly.
  • Enable Notifications. Make sure you’re notified of any payments or changes to your account so you can address them quickly if you didn’t authorize them.
  • Monitor Your Bank Accounts. Don’t neglect your bank accounts. Regularly monitor their activity so you can alert your bank if something doesn’t look right.

By taking these steps, you’ll feel more comfortable — and keep your personal information safer — when downloading and using payment apps.

Original Post: https://www.moneycrashers.com/payment-app-security/




Tuesday, 8 September 2020

Protecting your Digital Currency Portfolio against Threats

 From thetechfools.com

The creation of bitcoin in 2008 by Satoshi Nakamoto presented a world with several possibilities. People looking to shift from the traditional banking system had another option to store value. Bitcoin was created with several security features such as irreversibility, decentralization, and encryption.

Despite the advanced security the premier cryptocurrency offered, hackers found different ways to exploit loopholes. Since the massive increase in the value of various digital coins and tokens, the crypto space has been plagued with cybersecurity issues.

Security Risks Related to Storing Cryptocurrency

1.       Losing your Digital Currency Private Keys

A private key is a long string of numbers and letters that grant you access to your cryptocurrency wallet. It’s the equivalent of a username and password combined into one to log into your internet banking.

Your private key is only sent to you once and isn’t stored on any server. If you have funds in your wallet and forget the private key, you’d lose all access to your funds forever. Private keys can be lost when the piece of paper on which the key was stored gets lost or damaged. For hot wallets, losing access to your email address and password would mean loss of the funds.

2.        Ransomware Attacks

Ransomware is a dangerous type of software created by hackers to deny you access to your computer. These hackers ask for a ransom before files on the system become accessible again.

If your private key is only stored on your computer, you’d be willing to part with a large number of your crypto funds to regain access. Once this happens, it would be difficult to track the hackers because of the anonymous nature of most digital currencies.

3.       Accessing your Exchange Wallet

There are various methods of storing cryptocurrency, and centralized online exchanges are one of them. Several crypto investors prefer them because they provide quick access to a variety of digital coin transactions.

Online exchanges use hot wallets, which can be accessible at any time. However, they come with a downside: hackers could also gain easy access to the wallets too.

Several online exchanges using hotwallets have been hacked at one point or the other. They include Binance, Mt. Gox, Coincheck, Poloniex, Bithumb, and so on.

Shielding your Crypto Funds from Theft

1.       Backup your Private Key Backups

Don’t just rely on one backup for your private keys. Use multiple backups in the form of handwritten paper wallets. Also, make sure they’re safe and in different locations. You certainly don’t want a hacker to have access to them.

You can also save your private keys on password managers. Another option is to save a file containing the key on a USB stick. Avoid using the USB stick on internet-connected computers too.

2.       Use a VPN

A VPN is a security tool that encrypts the flow of internet traffic between your computer and the network to which you’re connected. The purpose of this tool is to protect you from hackers that attempt to spy on your activity.

Cybercriminals like to intercept home routers or public Wi-Fi to track the activities of public Wi-Fi users. Imagine a situation where you’re inserting your private key to access your wallet and the hacker spies on that information. There would be a high possibility of your funds getting lost.

Downloading a VPN on your device can encrypt your information and assets. Even if you’re connected to a hijacked network, your safety is ensured. The app also makes users anonymous, ensuring that hackers find it difficult to track them or infect their computer with ransomware.

3.       Implement best practices to improve cybersecurity

To protect your device from ransomware, make sure you install updates for your software the moment they become available. You also need to install anti-malware software to protect you from ransomware that might sneak onto your system.

One of the most significant ways ransomware can get onto a computer is through email attachments. Avoid opening emails from senders you don’t know.

4.       Use Cold Wallets

Cold wallets are always offline unless you connect them to the internet. If your crypto wallet is offline, hackers will find it impossible to steal your funds. Instead of using a cryptocurrency exchange, you could use a hardware wallet.

Final Thoughts

Cybercriminals have stepped up efforts to lay their hands on increasingly valuable cryptocurrency. They use various methods like ransomware, infected emails, and online exchange attacks.

To protect your hard-earned funds, make sure you use a VPN, create several private key backups, use cold wallets, and follow cybersecurity protocols.