As more and more people download and figure out how to use mobile wallets such as MobiKwik, Freecharge or Paytm, there is also increasing concern over the security of transactions on these apps.
Most reputed wallets adhere to all RBI security specifications and also have extra layers of security. The fingerprint authentication that MobiKwik features on its iPhone app will soon be available on the Android platform too, says Jagriti Motwani, the company’s GM, Corporate Communications.
However, most wallet apps only require a simple click for its operation. So, if you lose your phone, whoever happens to lay hands on it has control of your wallet. What may save you is a PIN or fingerprint protection when you send or transfer money. Though all apps are inherently safe, or as safe as your bank account, there are a few things a user has to do to ensure the financial information or money on their phones is not misused. They also need to know how to protect themselves from viruses or malware.
Basic precautionsFirst, according to Nilesh Jain, Country Manager, (India and SAARC), Trend Micro, all mobile users must have at least a basic anti-virus and a malware scanner installed. He said most users were not aware of the security threats on mobiles. He added that there were also apps that check the ‘reputation’ of apps that are installed. These scan the apps and seek permissions and flag them to us if they ask for unnecessary permissions. Many anti-virus apps, including Trend Micro’s do this. This is essential because even if the wallet app is clean and secure, the malware in some rogue apps may track and send out keystrokes and passwords.
One at a timeAmit Nath, Head of Asia Pacific (Corporate Business), F-Secure says it is important for users to install a good mobile security product not just because they need protection from viruses and malware, but also because of one important feature — blocking any other activity from simultaneously running when the user is using a financial app like wallet or mobile banking. He also said no user must at any point of time give away his PIN or password or personal details even if the call is purportedly from the wallet or bank company.
This feature in a security app – F-Secure calls it Connection Control – prevents any other site from running and connecting to the internet at the same time. For instance, if the user has opened a wallet app and then tries to go to Facebook, the wallet app is immediately shut down.
Double checkF-Secure also keeps scanning for rogue apps and alerts the users if they try to install one of them. F-Secure’s 250 member R&D team constantly tracks behaviour and usage patterns to keep such apps in check. But a user too must take care while installing random apps.Before a user installs an app, he has to check if the source is right. Installing apps without checking its source may be suicidal. Same goes with installing wallet apps. “The user must take the time and effort to check whether the app is really from the company,” says Nilesh Jain. Else, the rogue app that has been downloaded will constantly keep transmitting all information outside.
Amit Nath says that if an OTP (One Time Password) option is available, the user must opt for it instead of a static password and that apps are preferable than transacting through websites or banks. If an app is not available for a bank or wallet, and the user has to use a website, the user must check if the URL has https and not just http.
Guard against fraudA user may have taken all precautions, but what if there are issues while transferring or paying money? What do they do in case the user suffers because of fraudulent transactions?
At least MobiKwik has a fraud detection team that works round the clock. Any suspicious transactions are flagged and the user alerted. If the team is unable to contact the user or if the user does not respond, the account is blocked temporarily.
What happens if a user transfers money to a wrong number or transfers a wrong amount, Most wallet companies, including MobiKwik, reverse the transaction almost immediately. But if a wrong number is recharged or paid, nothing can be done, it is the mobile company the user has to complain to get it reversed.
So, it is better to double check every time a mobile or DTH is recharged. If the user is frequently recharging friends’ or relatives’ mobiles, he can use the address book feature in the wallet apps rather than typing numbers manually.
What many people do not realise that the wallet may be more secure than a credit debit card, even in brick and mortar stores.
The mobile stays in the users’ hand while they transact and most of the time, it is the user who has to input the amount payable. With skimming of credit/debit cards becoming frequent, wallets can come to our rescue.
Comments
Comments have to be in English, and in full sentences. They cannot be abusive or personal. Please abide by our community guidelines for posting your comments.
We have migrated to a new commenting platform. If you are already a registered user of TheHindu Businessline and logged in, you may continue to engage with our articles. If you do not have an account please register and login to post comments. Users can access their older comments by logging into their accounts on Vuukle.