It s a question that s often raised when a bank adopts a new technology. Is a new convenience worth a potential compromise in security? Many consumers struggle with it when they use text messaging to conduct business; log in to their bank account on a public computer; or even weigh using an automatic teller machine outside their bank branch.

Now, a new mobile phone application has some asking the question again. EBay (EBAY) PayPal Mobile app allows PayPal account holders to transfer money by bumping two smartphones together, or entering the email address of their friend s account. The free app allows iPhone and iPod Touch users to send money to other users around the world at no cost using their PayPal balance or bank account.

The app and others like it create some additional risk for consumers by adding another point of contact for personal financial data.

Still, PayPal Mobile app has attracted an audience. On April 7, PayPal, which is owned by eBay, announced that one million people had downloaded the app.

PayPal says its app protects users in the event a phone is stolen. A new version of its app released March 16 requires users to enter a personal identification number each time they launch the software. "To change that PIN, a fraudster would have to access the online PayPal account associated with the cellphone, by logging in with the correct user name and password," says Eric Duprat, the general manager of the mobile division at PayPal. The company also says it guarantees "100% protection from unauthorized payments sent from PayPal Mobile accounts, in the unlikely case that users lose their phones and their PINs are compromised."

Although the technology is still nascent, the mobile payment market could see a spike in interest over the next six to 12 months, says Kate Kingberger, the director of wireless Internet development at CTIA, a wireless communications industry association in Washington, D.C. "Between wireless banking, wireless purchases and mobile couponing, we will see a very large innovations in these technologies," she says.

In addition to PayPal, big names like Starbucks (SBUX), Verifone Holdings (PAY) and the Nokia-funded Obopay, as well as start-ups like MobiBucks, Zong, Boku and Bling Nation, have already begun promoting their own brand of mobile payment systems.

Banks are entering the scene, as well. Citigroup (C) recently test marketed its own mobile payment service. USAA allows customers to take a picture and make a check deposit over their iPhones or Android phones.

Even as more companies enter the mobile payment space, security issues such as credit-card fraud and identity theft remain concerns within the industry. Now, if a phone falls into the wrong hands, the consequences can be severe, says David Robertson, the owner of the Nilson Report, which tracks credit-card industry trends. Although malware and virus threats may be a ways off, "it s still true that people are pick-pocketing, stealing wallets and using cards once or twice," he says. "That is the kind of thing that would occur these days; someone steals your phone and uses it once or twice."

To help protect credit information and guard against identity theft, here are six mobile security tips.

Stock up on passwords

When considering using a mobile payment system, look for as many security features as possible, says Ondrej Krehel, an information security officer for Identity Theft 911, an identity-theft resolution service in Scottsdale, Ariz. For instance, a mobile-payment app that offers protection through a PIN number and password can be more secure than an app that requires only one of the two. Users should make sure their phone and its subscriber identity module, or SIM, card -- a chip that houses a phone s subscriber information and vital numbers -- are protected, as well. What can happen is even if [fraudsters] can t use your phone, they can use your account via your phone s SIM card, Krehel says. All they need to do is put it into another phone and access your information.

Make sure they re strong

Consumers often use the same password for multiple applications, including email, Facebook, retail web sites and banking applications. That s a mistake, Krehel says. Instead, users should keep their mobile device separate from their personal life by using separate credentials for each platform, he says. Also, users should select passwords that are comprised of at least eight random characters including capital letters, lower-case letters, numbers and special characters. He also recommends changing them often. Users who think they might forget multiple passwords might try encrypted password management programs, such as Bruce Schneier's Password Safe or KeePass Portable, the mobile version of KeePass s open source password manager.

Don t store sensitive information

Avoid storing sensitive information on your phones. In addition to passwords, some people store their Social Security numbers on their phones, says Krehel. Revealing too much personal information can also put users at risk. For instance, programming the word home into a phone can have negative consequences if a purse is lost with house keys inside, he says. Thieves can use that information and enter a home easily. Also, every so often, users should clear the cache and cookies on their phones because the devices memory may hold some sensitive information, as well.

Remove data remotely

Consider using technology that allows you to wipe out your phone s data remotely. Account holders will need to check with their carriers for options applicable to their phones. Two options include MobileMe, which is a service for the iPhone, and Motorblur, a service for Motorola phones. These programs can also help locate a missing phone.

Vet the service provider

Make sure you can trust your mobile payment provider, says Lillie Coney, the associate director of the Electronic Privacy Information Center, a research center in Washington, D.C. When it comes to sharing bank account or credit-card information, find out if the company providing that app is a known entity, she says. If you re dealing with another entity, will you be able to go back to them if there is a problem? Users should find out who to contact if security vulnerabilities or other issues arise, says Coney.

Know the protocol for fraud

Find out if you'll be on the hook for fraudulent purchases, says Coney. Right now credit-card holders are legally obligated to pay up to $50 of fraudulent purchases. However, since these programs are so new, the law may not protect mobile payment transactions. Laws are written out to cover current credit-card transactions, she says, adding: This is a new one; until these issues are addressed through state law or federal legislation, consumers are exposed. To find out how fraudulent charges will be treated, consumers should call the app provider and their credit-card issuer, Coney says. They could also look to the terms and conditions for the application. See what it says about obligations and anything they say about disputes on financial transactions, she says. "See what they put in there to protect the consumer."