By Peter Kardel
Thieves may be smart, but your smartphone is smarter. Use it to make payments safe and secure
Ok, I admit, this is embarrassing – really embarrassing. I spend a major part of my days helping clients manage technology in a way that makes transactions safe and secure. After all, millions of dollars can be on the line.
But me? I lost $700 to a card skimming operation. (Insert sound of hand slapping forehead.) Okay, it wasn’t millions of dollars, but I still feel stupid, especially when I’ve read plenty of stories like this one.
Here’s how it works: A criminal secretly installed a device into an ATM or other terminal that reads that magnetic strip on payment cards, then uses that information to clone each card used. If that weren’t egregious enough, the thief that stole my money even installed a camera recording me entering most of my PIN at the terminal I used.
Then the thief waltzes up to an ATM at a nearby pharmacy and inserts that fake copy of my card into the terminal. Yeah, he had to guess a few times to enter the right PIN, but all it took was about 90 seconds for him to withdraw $700 from my account.
(You can read more about how this scam works here)
I know. I know. I should stop kicking myself, but it’s humiliating. It’s as if I install sophisticated home security systems for a living, but leave half the windows at my own home wide open.
Archaic financial “technology” still stuck in the dark ages
In my line of work, if I’m using technology that’s even five years old, I’m an ancient relic and really should be put out to pasture.
But storing data on magnetic strips? That dates back decades – to the 1970s! There wasn’t even an Internet back then. Sure that technology helped us get to the Moon, but the GPS system in your car is way more powerful than any computer used during those Apollo missions.
And four-digit PIN numbers? Don’t get me started. Even if the camera hadn’t recorded me entering my number, that’s hardly much protection. Password algorithms can now crack a PIN like that in a millisecond without breaking a sweat.
It’s as if to secure our digital assets, the banking system is handing us nothing but a G-string to wear (with a lecture to be modest and protect that password!).
Nope, not good enough. Doesn’t cover me at all.
Yes, while newer chip technology is being introduced for card payments, I’m sure evil hackers are already working on cracking that, too. After all, the bounty is huge!
Get smart about payments
Okay, rant over.
There’s actually a silver lining in all of this. An expensive lesson for me to be sure, but I’m not wearing that G-string anymore. I’m never going to be the victim of dumb fraud like this, especially when security is so simple and easy.
Just start using your smartphone for payments. I’m using Apple Pay, and it only takes a few minutes to set up. There’s also Android Pay and Samsung Pay, but all work based on the same idea.
You see, that smartphone is a whole lot smarter than you might think. It knows who you are. Even better, if someone steals it, it knows that you’re not the one using it.
How? Two ways. Transactions are authorized using two-factor authentication (your phone and your fingerprint). What’s more, the technology uses “one-time payment tokens.” That means even if a terminal has been compromised, the only thing a hacker gets is a token that’s worthless and contains no personal identification.
So while your bank gave you that G-string, it’s as if Apple Pay has outfitted you with new sharp-looking tailored suit.
Set it all up in 90 seconds
In the same time it took that thief to steal my $700, you can set up Apple Pay. Assuming you have the latest Apple iOS, just follow these steps:
- Tap the “Wallet” app and then tap “Add new card”
- Hover your phone over your credit or debit card so it can be read by the camera
- Enter your name and CID/CSC security code
- Tap “Done”
Your details will be confirmed with your bank. If that institution isn’t led by total Luddites, your card is supported and is quickly enrolled. About two-thirds of my cards are supported. The rest? I’m cancelling them.
No delays: “That was cool!”
Using Apple Pay is stupidly easy. Just look for these logos:
When you pay, you just hold your phone over the terminal.
The Apple Wallet app opens automatically and you confirm your identity with the fingerprint scanner. If you want, you can toggle between cards before approving payment. Since Apple Pay is managing security from your phone, not the terminal, there’s no annoying long delays like you experience with chip readers. This works instantly.
The merchant does not need to do anything differently. In fact, it’s amazing how many merchants accept payments like this and don’t even know it. Often they’ll be surprised – even delighted: “That was cool, I didn’t know we took those!”
Pretty much any store that has installed new terminals can accept these payments. Gas stations are lagging, but they have a deadline of October 1, 2017 to get with the program.
Insist on secure payments. Use your smartphone to pay. It’s fast, free, and really a no brainer.