Should You Trust Apps That Access Your Credit Card Information?

Mobile payments are hot. In fact, Forrester Research predicts that U.S. mobile payments will reach $142 billion by 2019. At the same time, though, recent data hacks have made consumers increasingly aware of how vulnerable their personal and financial information really is. So, when it comes to smartphones, should you trust apps that access your credit card information?

No, says Pat Carroll, founder and chairman of ValidSoft, a London-based company that uses biometrics (human characteristics like voice recognition) to help companies validate customer transactions.

"You should not give your credit card information through any app," Carroll says. "You can't trust apps, not even apps that are coming from legitimate sources. Information has been increasingly accessed by hackers, and the volume of [security fixes] that are delivered on a daily basis is astronomical."

However, other experts U.S. News interviewed felt more mixed on this question.

"These apps are not created equal, so the answer is it really depends on what apps we're talking about," says Shaun Murphy, founder of the technology firm PrivateGiant and a former government security consultant. Despite a few hiccups when Apple Pay launched, Murphy says the mobile payment option is trustworthy. "It is more secure than pulling out a credit card from my wallet," he says.

As Robert Siciliano, identity theft expert with BestIDTheftCompanys.com, says, "the weakest link is not what's going on the app. It's what's going on in a retail establishment where you hand over your credit card." Physical credit cards are susceptible to theft; for instance, a restaurant server can steal the numbers when the card is out of sight, skimmers at an ATM or gas station can compromise a customer's credit card or a company server storing customer's payment information can get hacked.

For other apps that access credit card information (for instance, a retailer's payment app or apps that allow in-app purchases), Murphy urges consumers to find out if their information is stored just on their phone or on the company's server. "When you type in your credit card information, theoretically that could be stored on your phone or in the cloud on company servers," he says. "If you put it in on your iPad and then you go into a different device and you can pay with that too, that's being stored on their server. That always worries me. At any point in time it could be hacked."

Money-tracking apps such as Mint and BillGuard represent another breed of apps that access your credit card information, not for purposes of making a payment but for helping you stay on top of your finances. Do the potential benefits outweigh the potential risks? "Any app that can keep you in tune with your financial life is a good thing," Siciliano says. "As far as their security, generally these apps are designed to make you aware and keep you secure."

If you do give mobile apps access to your financial information, consider this advice.

1. Secure your phone. Many consumers adopt a laissez-faire attitude to smartphone security, Carroll says. "With our mobile phone, we seem to be less worried about attacks," he says. "People who would never click on a suspicious link within their tablet or laptop will click on their smartphone. It's become a huge target for hackers." For all smartphone users -- and especially those who allow apps to access their credit card information -- don't click suspicious links, keep your browser updated so it has the latest security features and passcode-protect your phone in case it's lost or stolen (you can also set up the ability to disable it remotely in case of theft or loss).

2. Research the app. "Never just automatically trust [an app]," Siciliano says, adding that you can read the app's terms of service to find out what data the app can access and whether it can share or resell that information to third parties. How many app users actually do this? "I don't know of a sane person that can or would besides an attorney," Siciliano admits. "You can Google search and say 'terms of service,' 'name of the company' and 'review' [to] see if anybody's done a review." You might be surprised to discover how much information a basic free app accesses. In some cases, it could retain the right to resell the photos stored on your phone. "Apps are geared to solicit as much data from you as possible ... because data has a price," Carroll says.

3. Use credit over debit. A compromised credit card is no picnic, but a compromised debit card can be even worse. "If someone gets your checking account access, they could drain your checking account," Murphy says. "It could be days of checks bouncing." The protections afforded by credit cards often make them a better option for mobile payments.

4. Set up credit card alerts. Notifications from your credit card company via text or email can alert you to a problem immediately. "Every credit card today offers some sort of notification service that will make you aware of charges in excess of, say $10, every time there's a charge in excess of $10," Siciliano says.

5. Monitor your statements. Credit card thieves often first try small transactions to verify a card's legitimacy, so those might not trigger an alert. Therefore, you should check your credit card statements for any dubious charges. "In the end, whether it's a physical transaction or a [mobile] transaction, the most important thing is to check your statements and be aware of charges," Siciliano says.

More From US News & World Report

• 10 Dangers of Mobile Banking
  

• 10 Ways to Improve Your Finances with Social Media
  

• 12 Millennial-Inspired Ways to Spend Less