I-Team investigates mobile payment app security

BROOKFIELD, Wis. — For many of us, our cell phones can serve as wallets as long as we have mobile payment apps connected to our banks or other accounts.

There are a lot of services to choose from, like Venmo, Apple Pay, Cash App, Google Pay, Samsung Pay, and PayPal, to name a few. According to a report by Allied Market Research, the global mobile payment market is expected to reach more than $12 trillion by the year 2027.

For anything financial, keeping our confidential information secure has to be a top priority.

Earlier this month, more than 8 million current and former customers of Cash App found out they could be affected by a data breach in which their investment information was exposed. In that case, the company announced that a former employee was to blame. But the breach brings up an important subject: security surrounding mobile payment apps.

“It’s actually surprisingly hard to hack into the phones nowadays. They are locked down. They’ve got layers of security,” said Kevin Bong, a cyber security expert with Brookfield tech company, Sikich.

Bong explains that even though your cell phone’s payment app may come with its own security in place, one slip-up on your part can put the financials on your phone at risk.

“Most of the attacks start with email. The attacker finds a way to get into your inbox, and once they’re in there, they’ve got a lot of power,” he said. “So, that’s really what these attackers are going after. They’re not going after the apps on the phone, they’re going after the accounts.”

The I-Team asked Bong and his Sikich colleague, Thomas Freeman, to demonstrate, without showing their tools, how email phishing attacks can easily compromise your virtual wallet.

They sent the I-Team’s Kristin Byrne a fake email that stated it came from a customer service rep with a popular email application. The email encouraged her to click on a link so that she could send and receive digital payments.

For the sake of the experiment, she clicked on the link and was prompted to provide her email and the password she uses for her email.

“So, now on my screen I’m going to hit refresh and on the campaign screen I can see where you clicked and I have your password now,” Freeman said.

“So, now we’ll…