A Transaction Lock refers to the step taken by mobile payment app users to secure their accounts and help prevent fraudulent activity. A form of Transaction Lock is commonly seen when credit card users ‘lock’ their credit card when it’s been lost or stolen to prevent it from being used anywhere by criminals.
Transaction Locks are specifically meant to prevent malicious users from sending money through payment applications like Cash App, Apple Pay, and Google Pay. The Transaction Lock on these apps operates by forcing the user attempting to make a payment to enter a passcode or authenticate via biometrics (face scan, fingerprint), similar to unlocking your iPhone with your face. It’s important to understand that the application itself doesn’t have a ‘lock’: authentication only takes place when a specific form of transaction is being attempted.
How Can We Stay Secure?
It is really important that you enable these Transaction Lock features to ensure you are the only one performing transactions on your mobile payment app accounts. No matter what application you use, there are security features available that can help you stay secure. Following CyberHoot’s best practices below for smartphone security is a gigantic step forward for your cybersecurity preparedness.
- Don’t use weak passwords or worse, no password, on your smartphone. Enable any combination of a biometric lock (face scan or fingerprint scan) or a geometric unlock sequence combined with a complex passcode of at least 8 characters in length. This is two-factor authentication.
- Don’t lose your phone. Keep close tabs on it. Physical access allows hackers to break into just about any device.
- Enable ‘Find My Phone’ features available on both Android and iPhones, giving you the ability to lock or wipe your device in seconds if it’s lost or stolen.
- Always keep your mobile device up-to-date by installing the latest operating system software from your mobile vendor quickly after release.
- Enable Two-Factor Authentication on all critical accounts including email, banking, and online payment applications.
- Some payment apps allow you to “share your payments” with others publicly. While this may seem cool, it puts you at risk of being socially engineered by hackers. Do not share payments publicly.
- Turn on notifications for payment apps whenever transactions take place. You will be alerted in real-time, allowing you to take action immediately if fraudulent activity is occurring.
- Avoid downloading malicious applications. Check up on what you’re installing and see where the developers are located. CyberHoot’s article on how to review browser plugins for privacy gives details on researching software security; apply the same approach to your smartphone.
- Only install apps from Google’s Play Store and Apple’s App Store.
- Never jailbreak or root your smartphone if you have sensitive data on it.
Additional Security Recommendations From CyberHoot
While these are all vital when using smartphones, you should also follow these additional practices when using computers, especially at work. CyberHoot recommends the following best practices to prepare for, limit damage from, and sometimes avoid cyber attacks:
- Adopt a password manager for better personal/work password hygiene
- Require 14+ character passwords in your governance policies
- Follow a 3-2-1 backup method for all critical and sensitive data
- Train employees to spot and avoid email-based phishing attacks
- Check that employees can spot and avoid phishing emails by testing them
- Perform a risk assessment every two to three years