Since the arrival of NFC (Near Field Communication) technology to our mobile phones, they have become the perfect substitute for our wallet full of credit and debit cards. As convenient as this form of payment can be, we also need to follow a series of security rules.
Most likely, your smartphone already includes mobile payment via NFC. In iOS it has been present since the iPhone 6 (since iOS 11 you can even use NFC with other third-party apps other than Apple Pay to pay with your mobile) and in Android it is also present in the majority of phones of all sizes. brands for years. If you are going to use this payment method, do so according to the recommendations of the Bank of Spain.
Advice from the Bank of Spain
Mobile payment has been consolidated over the years as an increasingly used alternative to pay comfortably and contactlessly in all types of businesses. Since debit or credit cards themselves incorporated a contactless chip, the NFC technology of smartphones has been able to assume the same functionality.
The main advantage is more than evident: we do not need to be burdened with a wallet full of plastic from the different accounts or entities in which we have stored our money. In addition to this convenience, the smartphone is such an essential device in our daily lives that we also carry it everywhere, so it can serve as a backup if we have forgotten the card.
All this, however, also adds new risks and represents a new way for cybercriminals to try to steal our money, but we could keep them at bay by following the advice set by the Bank of Spain for secure mobile payments.
The first of them, which should be something that you would also have to apply even if you do not pay with your mobile phone, is to have a blocking system configured on your mobile phone to prevent any outsider from having free access to our information. You should have this already solved taking into account that applications to pay with your mobile phone consider it an essential requirement.
If possible, set up a two-factor authentication to access the application you use as a digital wallet (Google Pay or Apple Pay, for example). In addition, it establishes a minimum amount for which the PIN code is requested to authorize the operation. By default it is usually set at 50 euros, but you can reduce it if you want to minimize the risks of an unauthorized purchase.
The last of the Bank of Spain’s recommendations is that you deactivate the NFC option on your device while you are not using it. There are NFC reading devices such as the popular Flipper Zero tool that, if we let our mobile phone emit payment data, could cause it to fall into the wrong hands.
Is this payment method secure?
If we heed the advice of the Bank of Spain and implement these measures, we are facing a truly secure way of making payments for our purchases. In addition to serving as a substitute for the physical plastic card so you don’t have to carry a wallet full of these payment methods, they offer extra protection at a security level.
For example, using applications that act as digital wallets, in case we lose our mobile phone, no one will be able to access that sensitive personal information. This is possible thanks to the fact that these card data that we have configured in our mobile payment platform have so-called tokenization.
For example, when you make a purchase and pay for it using Google Wallet, the payment is made through a virtual card or “token” that does not correspond to our real card. In the case of Apple Pay, something similar happens, a unique numerical identifier is used for our device that is encrypted. Thus, the complete and real number of your card is never completely stored either on the payment device or on its servers where the transaction is processed, in addition to the fact that the applications that act as wallets do not share the data. stored with third party.
The main danger that can happen is that we lose or have our cell phone stolen. This is why, for example, the Bank of Spain recommends measures such as having a lock configured, so that without a PIN, fingerprint or facial recognition, it is difficult for someone to access the device without our consent. Another thing to keep in mind is that if they have just taken our mobile phone at a stage in which it was unlocked, they cannot use it to make payments because they can do so up to a limit of the amount of money or the application itself used for the payments. payments have the same security measures and count as two-factor authentication.
