More stores and restaurants are encouraging customers to ditch their physical wallets in favor of digital wallets, but fine print, buried in some bank terms of service contracts, leaves consumers on the hook for any potential fraud.
Mobile payment services like Apple Pay and Android Pay allow people to make purchases in stores and online with a smart phone or smart watch, instead of using a traditional credit card with a magnetic strip. Experts say that strip is outdated and leaves your personal information vulnerable to theft.
At Pour Cleveland, a coffee shop downtown, the mobile payment service has been available for just a couple of weeks.
“You basically just hover your phone over this small square here and it reads it...pretty instantly,” Pour Cleveland owner Charlie Eisenstat said.
Your fingerprint authorizes the purchase, and just like with those new chip-enabled cards, your information is now encrypted, making it harder to steal, but consumers need to read the fine print.
newsnet5.com found some banks are leaving their customers who opt to use mobile payment systems on the hook for fraud. One bank’s terms of service contract even said this: “We are not responsible if a security breach occurs that affects any information stored in any Wallet."
Ken Stasiak, CEO of Cleveland-based cyber security consulting firm Secure State, said that is a change from how banks used to treat fraud, back when the magnetic strip reigned supreme.
“You’re not going to see big scale breaches, like Target, in 2016 and ’17,” Stasiak said, “with EMV (chip-enabled cards) and these new technologies being rolled out. Because of that, the liability is now being shifted to the consumer because they believe, if it gets breached, it came from the consumer, not the retailer.”
Still, Stasiak said mobile payment systems are the best bet for online purchases. He said the encryption makes it more secure than manually entering a credit card number.
According to Apple, once an Apple Watch is removed from the wrist, it requires a passcode to regain access.