Online payment security for everyday consumers
By Dr Bright Gameli Mawudor | July 15th 2020
The economy is moving toward the adaptation of being a cashless market as the shift to a digital payment is on the rise.
Data from Central Bank of Kenya indicated that in the year 2019, Kenyans moved Sh4.35 trillion through their mobile phones and as compared to 2018, transactions total rose by Sh361.39 billion.
As much as that reflects to digital transactions which is partly online from the comfort of their couches, several individuals still do businesses by physically going to shop due to one reason or the other.
Some of the factors that led to the growth of digitization include:
1. The ever-growing mobile phone penetration
2. Use of mobile applications for services rather than go to a bank branch
3. Considerably lower cost of service delivery and
4. Saving a lot of time with variety to choose from with flexibility
Emerging technologies and ease of integration of systems such as e-wallets, contactless cards and mobile payments has allowed for Business to Business and Business to Customer transactions with high availability and accountability making small business or enterprises to grow. Merchants do not have to spend a lot of time understanding the architecture behind the scenes due to all the models that has been put in place by service providers for them to spin up website or mobile application and move their shop online at a low cost.
All the above, as simple and effortless that they present for one to shop online or pay for services with ease introduces a number of cyber security risks. This could be on the part of the merchant or carelessness of the consumer who might not be aware of certain dangers of digital transactions. There has been an increase in scams that got a lot of businesses and individuals to lose their money one way or the other with little or no recovery.
The most prevalent methodology is the act of social engineering where one is convinced to share sensitive details to an attacker or scammer via either email/mobile links (Phishing) or through voice (Vishing). The dominant being Vishing, is a well thought out conversation that an attacker uses to convince a consumer to reveal sensitive details such as PIN numbers and other confidential information. The information gathered is used in further attacks such illegal transfer of funds from mobile wallets or online fraudulent transactions that are unauthorized.
Consumers need to look out for a number of dangers on the internet as they enjoy the freedom of online transactions. Below are other pointers to take into consideration to make secure digital payment and stay safe.
Email Security – Your emails serve as the base for any form of primary security thus it is paramount to keep it secure. Most online payments will require you to enter an email address in order to get progress updates and a receipt of your transaction. A secure email not only does it need a strong password but also 2 factor authentications enabled which is a second authorization level to your mobile phone number before access is granted.
OTP – One Time Pin feature is essential on a merchant’s page to enable confirmation code from you the consumer before a payment is processed. This is not common with most merchants, but some will either redirect to the banks banking page to approve the payment or send directly to your mobile phone if you are a registered member.
Making Payments as Guest – Some merchants checkout options allow for guest checkout to avoid customers signing up on the page ruining the experience. Extra carefulness is needed on such a website to make sure it is genuine by paying attention to the website name and looking out for obvious features such as HTTPS Secure lock. Further checks can be done by checking the authenticity of the website using https://www.virustotal.com/gui/home/url and this can be used to check phishing links as well.
Malicious Mobile Applications – Advertised products or service that appear on social media directs consumers to download mobile applications to be able to access a services or goods. These applications can be malicious and be used to capture card details or at times the mobile application gets access to contact list, SMS and even listen to voice conversations in the background. Users need to be aware of applications and should be downloaded from legitimate sources such as Android Playstore or Apple iOS store.
Payment Alerts – Consumers need to subscribe to payment alerts from their individual banks to instantly review transactions that has been performed on their cards. Advantage of this is the ability to get a quick turnaround time to reverse the transaction or block to avoid further damage.
Clear Cache and Cookies after online transaction – After every transaction for any payment platform, it is essential to clear your cache and cookies to not leave any traces and possible technical details that an attacker can use later to perform transactions impersonating you. Not every platform is secure thus prudent to take any chances.
The vulnerabilities of the digital age are not about to stop anytime soon, and a lot of responsibilities lies with us to make sure that we are secure regardless of the amount of effort and security online merchants put in place. Our approach to digital transactions has to change to always look for anomalies, pay attention to details and adjust to react with precaution where needed at all times.
The writer, Dr Bright Gameli Mawudor is a Cyber Security Consultant with a PhD in IT Convergence and Application Engineering with concentration in Information Security.
Construction of Sh20b housing project kicks off in Athi River
- Digitisation key in unlocking banks’ potential
By Kendi Ntwiga
- Kenya leads peers in water supply and sanitation inequalities
- Tying varsity funding to graduate jobs bold step
By XN Iraki
- What HR can do as burnout drives workers to 'The Great Resignation'
By Samuel Njogu
- Kenya races ahead of peers in sovereign wealth fund set up