Safe Mobile Payment Services
Nowadays, quite a number of mobile payment services have gradually emerged into the market. These services require users to install specific mobile application on smart phones. Some mobile payment services could also be deployed on other devices such as smart watches and tablets etc. The non-contact means used for operating these mobile payment services generally fall into two categories, namely NFC (Near-Field Communication) technology and QR code (Quick Response code) technology. Though these payment services have adopted cutting-edge security technology, such as data encryption at NFC transmission or frequent change of QR code generated for payment services, users should enhance their information security awareness and put sufficient security measures in place to avoid any monetary loss.
Risks and Impacts
- Mobile phone to be stolen or lost due to the failure of safeguarding the device properly.
- Mobile phone to be attacked by malicious software due to insufficient security measures.
- Transaction details (e.g. the recipient) to be altered or payment details probably stolen while making transactions with suspicious merchants.
- Chances of being redirected to malicious websites while using QR code payment services.
- Chances of encountering NFC tags altered by criminals or fake NFC readers while using NFC payment services.
- Redirected to malicious websites leading to download of malware on the mobile phone.
- Personal data, transaction contents or payment details to be stolen.
- Manipulated by criminals to make unauthorised transactions leading to monetary loss.
General Security Measures
- Set a strong password and enable auto-lock screen feature on your mobile phone.
- Set a strong password for the mobile payment service application. This password should be different from the ones for other services. Change the password regularly. Never save the password on your mobile phone or disclose it to anyone.
- Install mobile payment applications only from official or trusted sources, and read carefully the terms and conditions to understand the service charges, and users’ rights and responsibilities, in particular those related to privacy and personal data.
- Do not deposit large amount of money in the mobile payment application. The amount should be duly kept to your actual needs.
- Check your transaction records regularly and report to the related bank or payment service provider as soon as possible for any suspicious or unauthorised transactions found.
- Avoid using mobile payment services through public Wi-Fi networks.
- Turn off any unused wireless connection like NFC or Bluetooth after the transaction.
- Never alter your mobile operating system or “Jailbreak” or “Root” your device.
- Remove expired software and timely update your operating system, mobile applications and web browsers.
- Keep your anti-malware software and its signature file up-to-date.
- Always safeguard your mobile phone and other mobile devices used for payment services.
- Turn on the security features in your mobile phone, for example iOS users can turn on the Remote Wipe function and use two-step authentication on iCloud.
Considerations while Using Mobile Payment Services
|NFC (Near-Field Communication)||QR Code (Quick Response code)|
Security Measures after Completion of Mobile Payment Transactions
- Check the transaction records issued by the bank or mobile payment service provider immediately.
- Keep all transaction records for reference and scrutiny in the future.
What Should I Do if Losing My Phone?
- Initiate Remote Wipe to remove the credit card information stored in the mobile phone.
- For iOS users, please login to the “Setting” section at the website icloud.com.
- For Android users, please login to the “Device Management” section of Google.
- Other users could initiate Remote Wipe through other specific applications. Should you have any enquiries, please contact the mobile service provider or smart phone manufacturer.
- Report loss to or request suspension of mobile payment services with the bank or mobile payment service provider.
- Stay vigilant against any unusual transactions.
Contact of local banks
Please visit the website of the Hong Kong Association of Banks
Hong Kong Monetary Authority - e-Wallets and Prepaid Cards
Cyber Security Information Portal - Keep your mobile device safe for Android user
Cyber Security Information Portal - Keep your mobile device safe for iOS user
Hong Kong Computer Emergency Response Team Coordination Centre (HKCERT) - Near Field Communication Security Guidelines
Consumer Council - Get to know your data protection rights before using mobile payment services
Disclaimer: Users are also recommended to observe the Important Notices of this website and read the user agreements and privacy policies of the security software and tools before download and use them.