Friday, 15 November 2019 00:01

Shopping securely: Cyber security tips for in-app checkout & mobile payments

In-app mobile checkouts are a smart, convenient way to pay on the go - but what cyber security risks and considerations do customers need to be aware of? To help keep your finances secure while you shop, the team at ESET has put together a guide to everything you need to know about in-app checkouts and cybersecurity best practices.

Mobile payments are on the rise

In today’s digitally connected, always-on world, convenience is king. Just look at how we use our devices. Today, mobile is one of the top digital touchpoints for shoppers, with nearly half (46%) of all ecommerce market revenue in Australia last year transacted through mobile devices, according to tech analyst firm Telsyte.

To adapt to our demands for convenience and seamless user experiences, retailers are continually elevating their mobile experiences in order to attract, convert, and retain loyal customers. Every online interaction needs to be easy, instant, and secure - or customers will shop elsewhere in a matter of seconds.

The need for such constant customer-centric innovation can be seen in a recent move by Facebook-owned Instagram, which is, little by little, making its way into the ecommerce industry. In March this year, Instagram announced its plan to add a checkout feature to its mobile apps in the US. The company first introduced shopping features in 2016, but up until now customers had to leave the app in order to make a purchase.

The emergence of in-app checkouts and payment options signals yet another way for customers to pay on the go with the utmost convenience. But, as with any innovation, the in-app checkout also gives rise to new cybersecurity risks and considerations. So what do you need to know to stay secure while shopping via an in-app checkout?

What is an in-app checkout?

Mobile app checkouts allow customers to store payment information within an app to make purchases more quickly. Such features typically include support for Visa, Mastercard, American Express, Discover and PayPal. Other in-app checkouts allow users to pay for items in-store via the app, such as with popular ice cream brand Messina’s app.

For Instagram, brands like Nike, Adidas, Dior, H&M, MAC Cosmetics, Prada, Uniqlo, and Zara have started to utilise Instagram’s checkout feature. Businesses will also be able to integrate their checkout with partners such as Shopify, BigCommerce, ChannelAdvisor, CommerceHub and more in the future. In return, Instagram is charging retailers a selling fee.

Smartphones are increasingly being used for mobile payments in Australia - according to Telsyte, about half of all mobile payment users surveyed said they used smartphones for this purpose regularly. One in eight Australians between the ages of 16 and 34 had also changed or joined a new banking provider because of lack of support for mobile payments.

What are the risks of in-app mobile payments?

As our passion for online shopping continues to grow, it’s important to be aware of the cybersecurity risks and best practices when using an in-app checkout.

1. Public Wi-Fi

Whenever you send data over an unencrypted network, like a public Wi-Fi network, you open up the opportunity for hackers to breach your network and access that data. If you’re using an in-app payment system, setting up a mobile wallet, or accessing a mobile banking app while connected to an unknown source of Wi-Fi, it’s possible for hackers to access your payment details. Avoid this risk by only connecting to trusted Wi-Fi networks, and never entering any personal information on your phone while using public Wi-Fi. If possible, use a VPN when connecting to unsecured networks, or simply switch off your Wi-Fi and use your mobile data for transactions on the go.

2. Stolen Devices

One of the great things about in-app mobile payments is that it's far more convenient and secure for users to make purchases. However, instead of all your cards being stored in your wallet, their details are stored on your phone - and one of the most common mobile payment security concerns is what happens if your device is stolen.

Using a strong passcode on your mobile device is your first line of defence. Many mobile security apps also allow you to remotely wipe your device if it’s stolen.

3. Weak passwords

If you don’t set strong passwords, or have used the same password for multiple accounts and sites, your mobile payments may become vulnerable to hackers. If cybercriminals are able to access your PayPal password, for example, then they may gain access to your linked card or account. Further, if a cybercriminal can access your email through compromised credentials from a related account, they may then be able to initiate a password reset on your payment system account and perform the confirmation step via your email account.

4. Malware attacks

If your smartphone has been infected with malware, then your financial data will be at risk. Android has its fair share of malware and scam apps, and iPhones aren’t immune, either. Being cautious about common phishing tactics, which apps you download and which sites you visit can help to minimise this risk, as can a multi-device cybersecurity solution like ESET Internet Security.

5. Flaws in Apps

Handing over your cards to an app puts a lot of trust in the app’s level of security - and just one vulnerability in a payment app could expose all your data to hackers. While reputable apps release regular security updates and patches, there is always a risk that the developers have missed something.

Paying securely

Common online payment gateways, such as PayPal, New Payments Platform (NPP), PayID and Osko by BPAY, can add an extra level of security to your mobile payments through data encryption and anti-fraud technology.

Most trustworthy in-app mobile checkouts should offer these payment methods, and you should make use of these whenever you have the option. On the other side of the coin, retailers that follow best cyber security practices for mobile app checkout and payment functionalities will have a significant advantage over their competitors.

Mobile payment technology will continue to evolve and improve as online businesses work to meet their customers’ demands for a smoother user experience and better security. However, there will always be some level of risk when making payments online. To stay protected, ensure you maintain good security habits and consider whether your device and cyber security software are adequate for your mobile payment needs.
