Is It Safe To Do Digital Transaction Through Your App?
In May of 2016, Starbucks made the headlines not for serving the best coffee in the US but for a major hack on their mobile payment app.
Starbucks' mobile app is the preferred means of payment for many of their customers. The mobile payment system is said to account for at least 15% of purchases made by customers at Starbucks outlets. The app has also helped the franchise reduce various expenses and overheads, since it allows the company to pay much lower fees for accepting card payments.
Hackers targeted the app because many coffee drinkers are known to store their credit card information in the app to make payments easier. The same convenience also makes that crucial information easier to steal.
The Starbucks app isn't the only victim of hacking. Many other mobile apps have experienced cyber-attacks in the past, including Venmo, a mobile payment app owned by PayPal.
The Problem with Mobile Technology
There is no doubt that making digital transactions through an app is very convenient. Many people use their smartphones to access the internet anyway and many more make purchases online. Having an app just makes everything easier.
However, mobile technology is still a growing area. While the technology is advancing in great leaps and bounds, so are hackers. Malware protection software for mobile devices still contains many vulnerabilities that hackers can take advantage of.
Mobile devices in and of themselves are not secure.
- Devices can be accessed by anyone. When a device is left unattended, it can be picked up and the information on it read with ease. This is especially true for devices without password protection.
- Each app on a phone is effectively a separate piece of software, and many of these apps present vulnerabilities that hackers can take advantage of. Hackers often use a vulnerable app to access the phone remotely and gather information.
- Mobile devices rely on wireless and Bluetooth signals. Hackers today are able to capture these signals, especially when they are sent over public networks without a firewall for protection, and can therefore intercept and read vital information.
Securing your app
Mobile apps provide a great deal of convenience when it comes to accessing information. As more people rely on their mobile phones to carry out various tasks, it only makes sense to make it easy for them to carry out transactions on their phones. However, it is important for mobile app developers to pay close attention to security too.
- Limiting the transmission of sensitive data
Many apps require a person to provide sensitive information, such as a bank account number or credit card number, to establish their identity before making a transaction. This information is sent over a wireless signal every time a new transaction is made, which leaves the customer vulnerable.
Transmitting this vital information, or storing it on the phone, is dangerous. Apps should instead rely on a different way to verify the identity of the user. A good approach is to offer a 'preferred checking' option that the customer can set on their account, which avoids sending private information back and forth.
- Passcode access
It is important to require a security passcode for the application, and to re-validate that passcode when the user performs specific tasks such as making a transaction. Contrary to popular belief, this won't slow down or compromise the user experience. It will in fact act as a confirmation of the transaction they are about to perform.
Apps should also be designed to detect malicious activity. When suspicious activity is detected, the app should prompt the user for additional information before completing the transaction.
- Using the Advanced Encryption Standard
Transaction data is usually stored on devices in plain text. If that is the case, hackers who obtain the stored data can use it to gain access to accounts.
You can prevent this by using the Advanced Encryption Standard (AES128). This standard allows recent transactions to be stored on the device in encrypted form.
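As an added illustration of that advice (example code, not code from the original article), the Go program below seals a cached transaction record with AES-128 in GCM mode, so the stored blob is authenticated as well as encrypted, using only the standard library. It assumes the 16-byte key is fetched from the platform keystore; the record and key values are constructed for the demo.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"errors"
)

// newGCM wraps a 16-byte key in AES-128-GCM (encryption plus authentication).
// On a device the key comes from the platform keystore (assumed here), never
// from a file the app writes itself.
func newGCM(key []byte) (cipher.AEAD, error) {
	if len(key) != 16 {
		return nil, errors.New("AES-128 requires a 16-byte key")
	}
	block, _ := aes.NewCipher(key) // cannot fail after the length check
	return cipher.NewGCM(block)
}

// SealRecord encrypts one cached record (e.g. a JSON transaction) and prefixes
// the fresh random nonce so the result is a single blob that can be stored.
func SealRecord(key, record []byte) ([]byte, error) {
	gcm, err := newGCM(key)
	if err != nil {
		return nil, err
	}
	nonce := make([]byte, gcm.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	return gcm.Seal(nonce, nonce, record, nil), nil
}

// OpenRecord reverses SealRecord; a wrong key or a single modified byte yields
// an error rather than a silently corrupted record.
func OpenRecord(key, blob []byte) ([]byte, error) {
	gcm, err := newGCM(key)
	if err != nil {
		return nil, err
	}
	n := gcm.NonceSize()
	if len(blob) < n {
		return nil, errors.New("stored record is truncated")
	}
	return gcm.Open(nil, blob[:n], blob[n:], nil)
}
```

Because GCM authenticates the ciphertext, a record altered on disk is rejected on read instead of being trusted by the app.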
Apps should be designed to never store data such as account balances or transaction data on the device.
- Using secure data services access
Ensure that your app requests data over the Secure Sockets Layer (SSL). This encrypts the information in transit, and the benefits of SSL certificates are well documented. Apps should also use the OAuth specification, which allows the app to connect to the data services without storing passwords or usernames on the device.
Applying the best practices when developing applications that include transaction aspects will help to secure your app. This in turn will help to inspire confidence in your customers.