The Bankrate promise
At Bankrate we strive to help you make smarter financial decisions. While we adhere to strict , this post may contain references to products from our partners. Here's an explanation for . The content on this page is accurate as of the posting date; however, some of the offers mentioned may have expired. Terms apply to the offers listed on this page. Any opinions, analyses, reviews or recommendations expressed in this article are those of the author’s alone, and have not been reviewed, approved or otherwise endorsed by any card issuer.
The mobile phone era has ushered in services like rideshares and food delivery, and the use of apps to use such services has exploded. You may also be using mobile payment apps such as Google Pay. These apps will ask for your card information when you use their services.
You may be wondering: Is it safe to share your card data with apps? In most cases, yes. But there are a few issues to keep in mind.
Even though an app may be safe in itself, certain security issues could compromise its safety. For example, if you use a public network, the information you provide could be hacked. That would give criminals access to your card information and put your data at risk.
Using public charging stations could also expose your data. It is possible for hackers to load malware onto charging stations at public places such as airports, which means you may be compromising your data by using such amenities. That’s why you would be better off sticking to your own wireless charger.
When downloading an app, ensure that it’s legitimate and not a malicious app that could infect your phone with malware that would compromise your information. Make sure to do your research and verify that the platform or website you are downloading an app from is legitimate. Also, be vigilant and constantly update your software so you have the most current security measures available to protect your data.
Another pitfall to watch for is that you don’t give apps permissions they don’t need. Read through the fine print and make sure you are only allowing access to information you’re comfortable sharing. For instance, if an app asks for access to your contacts, you don’t have to provide it.
Standards for apps
The payments industry has a body called the Payment Card Industry Security Standards Council (PCI SSC) that comes up with global standards to safeguard payments. Those standards are constantly updated as the environment evolves, to help protect your card information, even when you give the information to an app.
Three points at which your data could be compromised on an app are when you enter the data, when it’s stored on the app on your device and when it’s transmitted out of the device. PCI standards require app developers to provide security in all these aspects in compliance with its evolving standards.
The standards say data stored on a mobile device should not be readable by unauthorized persons. Data transmitted outside of a mobile device should be encrypted. A private key is used so sensitive information is only available to the sending and receiving parties.
This prevents eavesdropping on the information, if your mobile device is compromised. Eavesdropping could also happen when your data passes through cellphone infrastructure.
The PCI standards also call for protections within the app itself, rather than just within a network, such as firewalls. In-app protections help detect attacks and protect information, and can end your sessions or shut down an application if they sense an attack. They may even be able to identify and report any unusual activity.
For payment apps, there should be a mechanism that enables them to be disabled, in case of compromise, by a provider responsible for the service. The PCI security standards specify that apps distributed through online app stores have certain controls in place to ensure the integrity of the software and authenticate the sources of the apps.
The bottom line
Popular credit card-based apps such as Uber and Lyft, Google Pay and Door Dash will ask for your credit card information for convenience of use. Considering there are standards that the Payment Card Industry has developed for app security, it’s generally safe to give your information to apps. However, you should always watch out for security pitfalls, and be careful that you don’t put your data at risk.