Commentary

Cybercrooks come a-calling through your phone

Parting with money is just a click away these days, thanks to new breakthroughs in mobile payments.

Over the past year, people have been able to save credit card details in, say, taxi-booking and shopping apps, making it more convenient to pay.

New varieties of PayPal-like digital wallet services such as MasterCard's MasterPass and Visa Checkout have given users more choice, allowing mobile payment to catch on here. Like PayPal, MasterPass and Visa Checkout store credentials in the cloud and let consumers pay without having to enter their bank card details each time they buy online.

More than one-fifth of mobile users here said they use digital wallets, some of which are integrated in taxi-booking apps, according to a MasterCard survey late last year. The figure was only 6 per cent two years ago.

This year, mobile payment is set to be even more convenient with the expected launch of Samsung Pay and Apple Pay in Singapore. Consumers will be able to tap their phones on contactless payment terminals at physical retail shops to pay for goods.

These newfound conveniences also spell a potential windfall for cyber criminals. Hackers are now targeting mobile phone users, and we have to be more vigilant.

The Association of Banks in Singapore (ABS) issued a warning - its first - in December last year following banking customer reports of malware-infected Android smartphones being used for fraudulent online purchases.

One phone malware victim, 47-year-old first-aid trainer Philip Loh, reportedly lost $12,327 to fraudulent transactions last September. He has since been embroiled in a dispute with United Overseas Bank.

Online crime cases have almost doubled to 3,759 last year, from 1,929 cases in 2014. Last month, Mr David Chew, director of the Commercial Affairs Department of the Singapore Police Force, said that Singapore is a target because "we have a wonderful infrastructure for the Internet".

So what can we do to protect ourselves against this rising tide of threats? I believe that taking a few basic steps in cyber hygiene can go a long way.

Many people get on the Internet these days using their phones. As a rule of thumb, do not download or update any apps from the Web browser on the phone as the links that take users to these websites are likely to be bogus.

App downloading should be via proper channels such as the Google Play or iTunes App stores.

Users should also be wary of downloading dodgy apps and surfing dodgy websites, where malware is often hidden.

Once malware takes over the phone, it is easy to carry out fraudulent transactions. Even one-time passwords (OTPs), which offer extra protection, can be intercepted as they usually come via SMS.

Embedded links in instant messages from chat apps and e-mail attachments are also known to carry malware.

From ABS' account of the fraud cases involving banking customers, it appears that the victims were duped into giving out their confidential card details after they downloaded malware on their phones.

To further safeguard users, banks here are even exploring the possibility of allowing credit card customers who shop online to generate OTPs using their calculator-like tokens before they pay for goods.

Samsung Pay and Apple Pay systems require fingerprint verification for purchases, offering users high-tech protection.

Even with these tech advances, mobile phone users need to be wary of the apps and files they download and the links they click on. If they do not lock the front door of their house, no amount of security cameras and surveillance video can prevent theft from taking place.

A version of this article appeared in the print edition of The Straits Times on March 02, 2016, with the headline 'Cybercrooks come a-calling through your phone'. Print Edition | Subscribe