Using Contactless Payments on Your Phone? Take These Smart Steps.

The most important—and obvious—downside of relying on a digital wallet is that if your phone dies, or worse, is lost or stolen, you lose access to your money. While it won’t prevent your phone from going missing, one crucial safeguard is to first make your phone findable, says Justin Stewart, senior test project lead for digital rights at CR. You’ll then be able to set up remote-wipe capability, a security feature that allows you to erase all data on your phone from a remote location.

For an iPhone, do this first by enabling Find My by going to Settings > [your name] > Find My > Find My iPhone and make sure it’s turned on.  

For Android phones, you’ll first need to sign in with your Google Account. If you’ve added a Google Account to your device, Find My Device is automatically turned on.

These are the other risks CR’s testers found and what you can do to keep your account safe.

In 2024, consumers reported losing $347 million to scams on digital wallet payment apps, according to figures from the Federal Trade Commission. The same analysis found that for each complaint reported, the average loss was an astonishing $4,627.

What CR found: While major wallets use strong technical security measures, fraud monitoring and liability protections vary across providers. Cash App, PayPal, and Venmo say they monitor transactions for suspicious activity. Because they can hold funds in the app and transfer funds, they’re also legally required—under the Electronic Funds Transfer Act—to investigate and reimburse unauthorized transactions and errors. 

If someone uses your account without your permission, PayPal and Venmo say they will fully cover the lost funds if you report the activity within 60 days. Cash App caps your liability if you lose your device or password at $50 if you report the incident within 48 hours; if you report the fraud after that but within 60 days, you’ll be on the hook for up to $500. If an unauthorized transaction shows up on your statement, you have 60 days to report it and it will be fully covered. 

But Apple Wallet, Google Wallet, and Samsung Wallet don’t commit to monitor for fraud and thus don’t offer those protections. These companies say that because they only facilitate a transaction—not manage or hold funds—they are not subject to the same law as Cash App, PayPal, or Venmo but rather rely on the liability protections from the financial institution that issued your credit or debit card. 

When asked about this, Google told us: “While we partner with banks to help them monitor fraud, we do not authorize transactions. The consumer’s card issuer is in the best position to investigate and provide reimbursement for unauthorized transactions.” Samsung told us that its wallet does not monitor or track transactions made by users because the user’s payment cards, transaction details, and transaction history are stored only on the user’s device, and that Samsung servers do not have access to this.

Apple Cash and Samsung Pay Cash, on the other hand, both store funds, and provide some level of investigation and possible reimbursement if you register your account with them ahead of time. 

If you’re enticed by a scammer to send them money—say, someone fraudulently posing as an official from your bank or IT support—you’re unlikely to receive much help from some of those companies. Most of them argue that because technically you “authorized” the transaction, even though you were duped, they are not responsible.

“Digital wallet providers should protect users from fraud, even when the user has been tricked,” says CR’s Hand. “If they won’t, these companies should be more transparent about the limits of their liability.”

What to Do 

Turn on transaction alerts. Set your phone so that you receive an alert for every transaction. For example, you can do this with Apple Wallet by opening the Wallet app, tapping each bank card or account you use, then selecting "Turn on Notifications." From there, select toggle switch to “Allow Notifications” so that it’s turned on. This is important because scammers sometimes use small charges to test and see whether you notice and take action, says the CFPB. 

Check balances weekly. Review your account and its balances to spot anything unusual, says Hand.  

Enable app-level authentication for each purchase. Use facial or fingerprint recognition, or a passcode, to approve each payment, says CR’s Stewart. Only Apple Wallet and Samsung Wallet require this to complete a transaction. With Venmo, PayPal, Cash App, or Google Wallet, you’ll have to manually set the app to require authentication before you make a purchase.

Lock your wallet. That way, anytime you try to access it, it will require some form of ID authentication—such as facial recognition or fingerprint, or a passcode. Doing so protects all your sensitive banking information, including login information for bank or credit card accounts. 

When you sign up for a digital wallet account, you may not realize that you’ve also agreed to share sensitive personal data, such as each wallet transaction. Some of this—your bank or credit card account number, for instance—is necessary so that you can use the app to complete your transaction, but in most cases, companies state that other collected data could be used for marketing purposes.

What CR found: Most digital wallet providers collect more data than is strictly necessary, often for marketing purposes. Cash App, PayPal, Samsung Pay Cash, and Venmo collect your data and share it for marketing purposes. PayPal says it shares this data with partners and merchants to enhance its personalized shopping services, but the shared info can include creepy stuff such as what sizes you wear, and your location. 

Besides PayPal, none of the other digital wallets have a way to control data sharing for marketing or advertising, or for other uses that have nothing to do with using the app. 

“Most of the apps collect much, much more data than they need to,” says CR’s Hand. “While some data collection can help personalize the user experience, it’s crucial that all that extra data should primarily be used for fixing errors and toward research to improve the customer’s experience.” 

What to Do

Opt-out when possible. PayPal is the only wallet app that offers a manual override to turn off data sharing—but you’ll have to take action because it automatically defaults to the setting where you agree to share your data. 

While the apps themselves may not allow you to opt-out, you can disable some sharing by changing certain settings on your phone, says CR’s Stewart. 

Tackle all three of these on an iPhone by first going to Settings > Privacy & Security. Then:

Opt-out of data sharing. Go to > Analytics & Improvements, then disable “Share iPhone Analytics.” 

Turn off tracking. Go to > Tracking > then turn off “Allow Apps to Request to Track.”  

Turn off location tracking. Go to > Location Services > then scroll down to the Wallet, open and select “Never.”

For Android, Open Settings, then scroll down and tap Privacy. Then tap Ads (sometimes labeled "Ads & Personalization").

Then you’ll see one of two options: Delete advertising ID (Android 12 and newer) or Opt out of Ads Personalization (older versions). In both cases, you’ll then tap Delete Advertising ID and confirm when prompted. 

Funds stored in digital wallets are not automatically covered by FDIC insurance. The CFPB reports that consumers have billions of dollars stored in digital wallets such as the five that CR evaluated that are able to store funds: Apple Cash, Samsung Pay Cash, Cash App, PayPal, and Venmo. 

But holding funds in these puts the money at risk because of how your funds are stored on some apps—rolled up into a company’s bigger account or used for other purposes such as investments in the market—you may not be entirely insured, according to the CFPB.  

Conversely, funds you have in a traditional bank account are insured by the FDIC for up to $250,000 no matter what happens to the bank, says Raul Carrillo, an academic fellow at Columbia Law School in New York who has testified before Congress on digital wallets. Ultimately, “companies that are not chartered as banks or insured by the FDIC cannot promise similar protection,” he says.

What CR found: If you keep money in your Apple Cash, Cash App, PayPal, Samsung Pay Cash, or Venmo account, you will have to take steps toward getting FDIC insurance. Do this by completing identity verification for Apple Cash and Samsung Pay Cash. For Venmo, Cash App, and PayPal, you’ll have to use an additional service provided by the company, such as a debit card, direct deposit, or having a teen account. 

What to Do

Move funds into your linked bank account—pronto. That way your money will be in an FDIC-insured account. Digital wallets are convenient for transactions, but they shouldn’t be considered a replacement for the core safety and security of a traditional bank for storing your funds, says CR’s Bell.

If you keep funds in your digital wallet, register the account. You can do this by authenticating your identity with Apple Cash and Samsung Cash. Other wallets require that you use additional products or services to obtain some sort of insurance. For example, to get it through PayPal or Venmo, you’ll need to have direct deposit set up, have signed up for one of their debit cards, or have purchased crypto through them.

For all the data that these apps collect about you, not all of them do much to help you track spending. Some offer basic tools such as viewing transaction history, but there is opportunity to provide personalized spending insights and automated savings features. Banks and credit card companies, on the other hand, are required by law to issue monthly statements—which can help keep an eye on your spending habits and flag any questionable or fraudulent charges. 

What CR found: Cash App, PayPal, and Venmo do make periodic statements available to users. Samsung and Google wallets don’t offer statements, though Samsung Pay Cash will issue one. Apple does not provide statements for either Apple Cash or Apple Pay transactions—but you can request statements for Apple Cash.

“Using the data they collect on your transactions, they could provide personalized spending insights and offer advice based on your behavior,” says CR’s Hand. For example, she suggests they could also offer automated savings tools, like ones that make scheduled transfers to bank savings accounts. 

What to Do

Check in weekly with each of your digital wallet apps. Set up a calendar reminder on your phone to review your account history each week—look closely at each transaction to confirm it’s yours, look for any errors, or duplications, and note times when you might have overspent. This would also be a good time to look at your overall budget, says Hand.

Have recurring payments? Set those up from your bank account, not a digital wallet. That’s because some users have reported the experience of the app not working on their phone or their account being inexplicably frozen, usually temporarily. That could cause you to be late on a payment, incur late fees, and even be reported to the credit bureaus if you’re more than 30 days late, says CR’s Bell. This is an especially good move for important payments like rent or mortgage, car or student loans, or credit card bills. (It’s probably fine, however, to pay recurring subscriptions through your digital wallet.)

When you pay a person or a business using your digital wallet, funds are withdrawn from your account almost immediately. But if you’re the recipient of a payment, and you try to transfer those funds into your traditional bank account, you’ll have to wait several business days before the transfer goes through. 

What CR found: Want your money instantly? You’ll usually incur a charge that’s a percentage of the total transfer amount, which ranges from 1 to 1.75 percent of the total and is usually capped at no more than $25.

Only Samsung Pay Cash does not provide a way for funds to be transferred instantly to a bank account. 

What to Do

Transfer funds several days ahead of the time you’ll need them. That way you can avoid fees.

If you urgently need the funds, and don’t want to pay the fee, use another method of receiving payment. That could include a check (most banks will make the funds from a deposited check, up to $5,525, available immediately) or good ol’ cash. 

Avoid another hidden fee: Be wary of sending friends money from your credit card stored in the digital wallet. You can get hit with a double whammy on this move: For one, you’ll incur a fee of about 3 percent, and you could be charged a higher interest rate from your credit card company because it’s considered a cash advance. The smarter move: Send funds from a checking or savings account, write a check, or give them cash.

Editor’s Note: Consumer Reports’ investigation of digital wallet payment apps is part of a broader initiative to monitor, evaluate, and strengthen consumer protections in the burgeoning digital finance marketplace. The work is made possible, in part, by a grant from Flourish Ventures’ donor advised fund at Silicon Valley Community Foundation, which supports efforts to reduce systemic inequities.