Should I Save My Credit Card Info On My Phone?
There was a time when saving your credit card information on your phone would be a serious security risk. Apple, Android, and Samsung, however, have made great strides in securing virtual wallets, making them a viable payment option.
What is a Virtual Wallet?
Referred to by some as the “phallet,” a portmanteau of “phone” and “wallet,” a virtual wallet is just that: storing your credit card information on your phone. Apple wallet, for example, on the iPhone, can hold credit and debit card information, as well as gift card and airport boarding pass information. From 2016 to 2017, Apple Pay transactions rose by 450 percent as it became available in more countries.
Are Virtual Wallets Safe?
Simply put, yes, virtual wallets are safe. Why? They don’t actually hold on to your credit card information. Instead, when you add a credit card to your virtual wallet, the information is sent to the appropriate card lender. Once the lender verifies that the information is a valid credit card, it sends back a “token.” This token is unique to your phone, and will be different if you add the card to another phone. The 16-digit number shares the last four digits with your credit card, but that’s it. It’s otherwise useless, outside of your phone.
Because the token number is totally random (except the last four digits), there’s no way to decrypt it. And if a hacker, did, it would still be useless outside the phone, as a dynamically-generated CVV code (like the one on the back of your physical card) is sent to the card network to identify your device. The token doesn’t hold your credit card number, the other 12 digits are not influenced by your credit card number, and there’s no master key or math formula to divine your credit card number from your token number. A major breach of token numbers, or intercepting the NFC transmission, nets the hacker nothing of use as, unlike with normal credit cards, the merchant doesn’t hold onto any important information.
With the credit card number no longer on your phone, a transaction with a merchant works like this: You hold your phone up to the point of sale machine after selecting the appropriate card. Near-field communication (NFC) technology transmits the token — which, remember, does not actually have any credit card information in it — to the merchant. This takes the form of a cryptogram, holding information about the token, the CVV, and the transaction, meaning it is a one-time use cryptogram. The merchant sends the token/cryptogram to the credit card network, where it is matched against the credit card account that created the token. If the lender confirms the token matches an existing token on file for a credit card, it sends a message back to the merchant confirming the transaction.
Keep Your Phone Safe
The problem, instead of hacking the token, is your phone. If you leave your phone somewhere, or it’s stolen, and it isn’t password-protected, the thief can easily go on a spending spree with no problems.
The first piece of advice is to set a password to lock your phone. It might be a small hassle, having to input a code every time you open your phone, but it’s worth the peace of mind. Even better, if your phone has a fingerprint reader or utilizes facial recognition, use this as well.
If a thief is able to figure out your passcode, use our second piece of advice: Lock the virtual wallet. Not only will they have to get past a code to get into your phone, they will have to figure out a way around needing your fingerprint for authorizing a transaction on your end.
Much like the virtual credit card, using your credit card through your phone could be more secure than just simply using your credit card by itself. It doesn’t transfer any credit card information to the merchant, and intercepting the signal would be useless for a hacker. Thanks to the token system, using a virtual wallet on your phone is a secure way to pay.
Image Source: https://depositphotos.com/
A former newspaper journalist, Cole spends his free time reading, writing, playing video games, watching movies, and learning about every subject under the sun. He lives with his wife and daughter in Idaho. Follow Cole on Twitter: @ColeMayer42
This post was updated January 18, 2018. It was originally published January 23, 2018.