What once seemed a fanciful or even silly idea — that instead of cash or a card we’d use our phones to pay for stuff — is becoming the norm. Mobile-based payments in the U.S. are projected to reach $142 billion by 2019, nearly tripling their 2014 volume.

While that’s a lot of growth, mobile payments still make up a tiny fraction of retail commerce. In 2015 they accounted for only 0.2% of in-store sales in the U.S. And that might be because the technology is new and perhaps confusing.

Here’s a quick look at mobile payment: how it works, who the major players are and how secure these transactions are.

How it works

Mobile payments really took off in 2014 with the introduction of Apple Pay. Since then, a number of competitors have popped up, Samsung Pay and Android Pay primary among them.

As their names suggest, these mobile payment services are tied to specific devices. Apple Pay works only on newer iPhones and the Apple Watch, and Samsung Pay requires later Galaxy and Note models. Android Pay requires an Android device.

With mobile payments, your smartphone acts as a proxy for your credit card, debit card, loyalty card or metro card. The card info is read into the phone either by taking its picture or by manually entering the number and expiration date.

Apple Pay, Samsung Pay and Android Pay all make use of near field communication. NFC enables two electronic devices, one of them typically mobile, to communicate via close proximity – say, by tapping the phone to a credit card/phone reader.

Samsung Pay also uses a technology called magnetic secure transmission, which makes it compatible with existing card readers that are not NFC-enabled.

What about security?

Mobile payment systems use a host of security measures to protect transactions from hackers. Each card registered on your phone is assigned a token, usually a string of numbers that represents your 16-digit credit or debit card number. This means your card number is never transmitted or revealed; the token is used to process the payment. It’s similar to how EMV or “chip” cards work, if you’ve come across those.

To complete a transaction, you will also need to input a PIN, use a fingerprint scan, or sign, depending on the particular payment service and the sophistication of the terminal at the checkout counter.

The risk with mobile payments ultimately lies with your accounts, not the payment devices. For example, banks don’t always have the best procedures to verify that the person adding a debit or credit card to a mobile payment service is the account holder. That makes it possible for thieves to use stolen account information in their own mobile payment app.

Cases of fraud have also been reported in connection with so-called peer-to-peer payment systems that were developed primarily to allow friends and family to send and receive money. In a recent case of Venmo, a division of eBay’s PayPal, users have reported unauthorized withdrawals that apparently took place as a result of weak authentication controls that let hackers take over accounts.

Many of us already carry our phones everywhere we go, and as more Americans embrace the technology, it’s likely more retailers will install mobile payment readers. Knowing the ins and outs is important before you jump in as well.

© Copyright 2016 NerdWallet, Inc. All Rights Reserved