Madhu Kesavan 19 January 2017
Categories Ecommerce, Mobile, Technology

Is It Safe To Do Digital Transaction Through Your App?

In May of 2016, Starbucks made the headlines not for serving the best coffee in the US but for a major hack on their mobile payment app.

Starbucks’ mobile app is the preferred means of payment for many of their customers. The mobile payment system is said to account for at least 15% of purchases made by customers at Starbucks outlets. The app has also helped the franchise reduce various expenses and overheads. The app allows the company to pay much lower fees for accepting card payments.

Hackers targeted the app because many coffee drinkers are known to store their credit card information on the app. This makes it easier to make payments. It also makes it easier to steal the crucial information.

The Starbucks app isn’t the only victim of hacking. There are many other mobile apps that have experienced cyber-attacks in the past, including Venmo, a mobile payment app owned by PayPal.


The Problem with Mobile Technology

There is no doubt that making digital transactions through an app is very convenient. Many people use their smartphones to access the internet anyway and many more make purchases online. Having an app just makes everything easier.

However, mobile technology is still a growing area. While the technology is advancing in great leaps and bounds, so are hackers. There are still many vulnerabilities that exist in malware protection software for mobile devices that hackers can take advantage of. 

Mobile devices in and of themselves are not secure.

  • Devices can be accessed by anyone. When left unattended, the devices can be picked up and a person can easily access information on the phone. This is especially true for devices without password protection.
  • Each app on a phone can be considered as a separate type of software. Many of these apps present various vulnerabilities that hackers can take advantage of. Hackers often use apps to access phones remotely and gain information.
  • Mobile devices rely on wireless / Bluetooth signals. Hackers today are able to capture these signals, especially when they are sent over public networks without the use of a firewall for security. They can therefore intercept and access vital information.

Securing your app

Mobile apps provide a great deal of convenience when it comes to accessing information. As more people rely on their mobile phones to carry out various tasks it only makes sense to make it easy for them to carry out transactions on their phones. However, it is important for mobile app developers to pay close attention to security too.

  1. Limiting the transmission of sensitive data

Many apps require a person to provide sensitive information such as their bank account number or credit card number to establish their identity before making the transaction. This information is sent over a wireless signal every time a new transaction is made. This makes the customer vulnerable.

Transmitting or storing this vital information on the phone is dangerous. Apps should instead rely on a different way to verify the identity of the user. A great way is to provide a ‘preferred checking’ that the customer can set on their account. This prevents the sending of private information back and forth.

  2. Passcode access

It is important to require a security password for an application and the re-validation of the passcode when the user is performing specific tasks such as making a transaction. Contrary to popular belief, this won’t slow down or compromise user experience. It will in fact act as a confirmation of the transaction that they are about to perform.

Apps should also be designed to detect malicious activity. When this happens, the app should prompt the user for additional information in order to complete the transaction.
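A sketch of passcode re-validation before a transaction, as an added example that is not code from the original article. The function names, the two-minute freshness window, the five-attempt lockout and the use of scrypt for the stored passcode verifier are all assumptions made for illustration.

```javascript
const nodeCrypto = require('node:crypto');

const MAX_FAILURES = 5;          // assumed lockout threshold
const FRESH_MS = 2 * 60 * 1000;  // assumed validity of one re-validation

// Only a salted scrypt hash of the passcode is kept, never the passcode.
function hashPasscode(passcode, salt) {
  return nodeCrypto.scryptSync(passcode, salt, 32);
}

function enroll(passcode) {
  const salt = nodeCrypto.randomBytes(16);
  return { salt, hash: hashPasscode(passcode, salt), failures: 0, verifiedAt: null };
}

// Called when the user re-enters the passcode. `now` is a millisecond clock
// value passed in by the caller so the logic is testable.
function revalidate(account, passcode, now) {
  if (account.failures >= MAX_FAILURES) return 'locked';
  const candidate = hashPasscode(passcode, account.salt);
  // Constant-time comparison avoids leaking how many bytes matched.
  if (!nodeCrypto.timingSafeEqual(candidate, account.hash)) {
    account.failures += 1;
    account.verifiedAt = null;
    // Repeated failures are treated as suspicious: stop accepting the
    // passcode and require some additional check out of band.
    return account.failures >= MAX_FAILURES ? 'locked' : 'rejected';
  }
  account.failures = 0;
  account.verifiedAt = now;
  return 'ok';
}

// Gate for the sensitive action. A successful re-validation authorizes
// exactly one transaction and only while it is still fresh.
function authorizeTransaction(account, now) {
  const fresh = account.verifiedAt !== null && now - account.verifiedAt <= FRESH_MS;
  account.verifiedAt = null; // single use: the next transaction asks again
  return fresh;
}
```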

  3. Using Advanced Encryption Standard

Data from transactions is usually stored on devices in the form of texts. If this is the case, then hackers can use the information to gain access to accounts.

You can prevent this by using the Advanced Encryption Standard (AES-128). This standard allows for the encryption of recent transactions on the device.

Apps should be designed to never store data such as account balances or transaction data on the device.
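For an app that does keep a recent-transactions cache on the device, the following added example (not code from the original article) encrypts each record with AES-128 in GCM mode, so a stored record is both unreadable and tamper-evident. The function names, the storage layout and the sample record are constructed for illustration, and the key is generated in place only so the code runs offline; it is assumed that a real app would hold the key in the platform keystore (Android Keystore or iOS Keychain).

```javascript
const nodeCrypto = require('node:crypto');

// Assumption: a real app creates and keeps this key in the platform keystore.
// It is generated here only so the example is self-contained.
function newKey() {
  return nodeCrypto.randomBytes(16); // 16 bytes = 128-bit key for AES-128
}

// Encrypt one transaction record. GCM needs a fresh 12-byte nonce for every
// record; reusing a nonce under the same key defeats the encryption.
function sealRecord(key, record) {
  const nonce = nodeCrypto.randomBytes(12);
  const cipher = nodeCrypto.createCipheriv('aes-128-gcm', key, nonce);
  const body = Buffer.concat([
    cipher.update(JSON.stringify(record), 'utf8'),
    cipher.final(),
  ]);
  // Stored layout (constructed for this example): nonce | tag | ciphertext
  return Buffer.concat([nonce, cipher.getAuthTag(), body]).toString('base64');
}

// Decrypt and authenticate a stored record. Returns null when the blob was
// modified or the key is wrong, so the app never acts on tampered data.
function openRecord(key, blob) {
  const raw = Buffer.from(blob, 'base64');
  if (raw.length < 28) return null; // too short to hold nonce + 16-byte tag
  const decipher = nodeCrypto.createDecipheriv('aes-128-gcm', key, raw.subarray(0, 12));
  decipher.setAuthTag(raw.subarray(12, 28));
  try {
    const plain = Buffer.concat([decipher.update(raw.subarray(28)), decipher.final()]);
    return JSON.parse(plain.toString('utf8'));
  } catch (err) {
    return null; // authentication failed
  }
}

// Constructed sample record: a masked card reference, never the full number.
const sample = { id: 'txn-0001', amount: '4.75', card: '**** 1234' };
```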

  4. Using secure data services access

Ensure that your app requests data over a secure socket layer (SSL). This ensures encryption of information, and the benefits of SSL certifications are explained well. Apps should use the OAuth specification, which allows the app to connect to the device’s data services without storing passwords or usernames on the device.

Applying the best practices when developing applications that include transaction aspects will help to secure your app. This in turn will help to inspire confidence in your customers.
