Are Mobile Payment Apps More Dangerous Than We Think?

A Hampton University student named Stephanie Smith kept getting entreaties from friends to download a certain mobile payments app, as it was offering free money to those who signed up. Smith did, and discovered it was even more convenient than she expected. But the app in question, known as Cash App, has met with criticism from cybersecurity experts who find its security lacking.

Cash App in particular might be one of the most bare-bones breeds of mobile payments app. Users simply connect the app to a bank account and, from there, users can send and receive payments accordingly. Those using the app can then take the money contained in the app and “cash out”, sending the balance back to their bank.

If that sounds dangerous, then you’ve spotted the same point that cybersecurity experts like Andrew Daiber did. Cash App has an unusual build to it in which security features come disabled by default, Daiber noted, so anyone who gets access to a user’s phone would effectively have untrammeled access to that user’s money.

It’s a safe bet that such features can be activated after download—if they’re disabled at default it has to mean they do exist—but for beginner users, this may be an issue. Further problem comes in that Cash App users can send request links to other users, encouraging them to download the app. These links can, according to Daiber, be “…slightly off to where it might take you to a vulnerable web page, or it could download a virus or malware.”

The potential security flaws around mobile payments have been known for some time. When mobile payments first emerged, security was the biggest sticking point for users who were unsure that handing over financial information to a device they used to take pictures and play “Angry Birds” on was anything resembling a good idea. Mobile payments app providers responded accordingly, with tokenization, biometrics and a host of other protections, and that’s been quite a help. However, a certain amount of responsibility has to be taken at the user level.

Granted, not everyone’s gone this far, but there’s still a lot of protection out there in mobile payments. It’s on the user to take advantage of all that protection, of course, but mobile payments only get safer.