Transaction Lock

A Transaction Lock refers to the step taken by mobile payment app users to secure their accounts and help prevent fraudulent activity. A form of Transaction Lock is commonly seen when credit card users ‘lock’ their credit card when it’s been lost or stolen to prevent it from being used anywhere by criminals.

Transaction Locks are specifically meant to prevent malicious users from sending money through payment applications like Cash App, Apple Pay, and Google Pay. The Transaction Lock on these apps operate by forcing the users attempting to make a payment to enter a passcode or authenticate via biometrics (face scan, fingerprint); similar to when you unlock your iPhone, using your face to authenticate. It’s important to understand that the application itself doesn’t have a ‘lock’, authentication only takes place when a specific form of transaction is being attempted. 

How Can We Stay Secure?

It is really important that you enable these Transaction Lock features to ensure you are the only one performing transactions on your mobile payment app accounts. No matter what application you use, there are security features available that can help you stay secure. Following CyberHoot’s best practices below for smartphone security is a gigantic step forward for your cybersecurity preparedness. 

• Don’t use weak passwords or worse, no password, on your smartphone. Enable any combination of a biometric lock (face scan or fingerprint scan) or a geometric unlock sequence combined with a complex passcode of at least 8 characters in length. This is two-factor authentication.
• Don’t lose your phone. Keep close tabs on it. Physical access allows hackers to break into just about any device. 
• Enable ‘Find My Phone’ features available on both Android and iPhones, giving you the ability to lock or wipe your device in seconds if it’s lost or stolen.
• Always keep your mobile device up-to-date by installing the latest operating system software from your mobile vendor quickly after release.
• Enable Two-Factor Authentication on all critical accounts including email, banking, and online payment applications.
• Some payment apps allow you to “share your payments” with others publicly. While this may seem cool, it puts you at risk of being socially engineered by hackers. Do not share payments publicly.
• Turn on notifications for payment apps whenever transactions take place. You will be alerted in real-time, allowing you to take action immediately if fraudulent activity is occurring. 
• Avoid downloading any malicious applications. Check up on what you’re installing. See where the developers are located. Read this CyberHoot article on how to review browser plugins for privacy, for details on researching software security and apply this to your smartphone.
• Only install apps from Google’s Play Store and Apple’s App Store. 
• Never jailbreak or root your smartphone if you have sensitive data on it.

Sources: 

Cash App

Apple Pay Support

NYTimes

Additional Reading:

How Secure Are Payment Apps?

Hackers Releasing Fake Contact Tracing Applications

Smartphones Targeted by Drive-by Malware

Related Terms:

Bug Bounty 

Two-Factor Authentication 

CyberHoot does have some other resources available for your use. Below are links to all of our resources, feel free to check them out whenever you like: 

• Blog
• Cybrary (Cyber Library)
• Infographics
• Newsletters
• Press Releases
• Instructional Videos (HowTo) – very helpful for our SuperUsers!

Note: If you’d like to subscribe to our newsletter, visit any link above (besides infographics) and enter your email address on the right-hand side of the page, and click ‘Send Me Newsletters’.

Find out how CyberHoot can secure your business.

Schedule a demo