Top Mobile Banking Security Tips
Remember when mobile banking meant visiting your local branch? Today it means being able to make balance inquiries, deposits and account transfers with just a few taps on your smartphone. And that’s just the beginning.
“The scope of mobile banking has clearly expanded over the last 18 months,” said Sonia Lalli, a mobile banking analyst at Juniper Research, “particularly because of the expanded and more intelligent capabilities offered by the smartphone, as well as a greater range of affordable non-iPhone devices.”
However, transferring such sensitive data over the airwaves involves risk, and you should heed the dangers before you dive in. Here’s what you need to know about mobile banking and how to protect yourself.
What is Mobile Banking?
Simply put, mobile banking is doing everything you’d do at a bank (or on your home PC) from your smartphone or tablet. That includes deposits, withdrawals, account transfers and balance inquiries. These actions are done via SMS texts, a Web browser or a smartphone-based app. Since not all institutions have all three distribution methods, the ones that banks choose to support depend largely on the markets in which those money managers operate. For instance, financial institutions in developing markets generally will begin with SMS, a technology likely to be enabled even on lower-end feature phones.
Another technology has seen a lot of growth, Lalli notes. “Using apps is an increasingly more important way of doing mobile banking, with the included functionalities being increasingly enhanced,” she said. There’s pressure on financial institutions to offer apps on a variety of smartphone platforms and tablets in order to reach a larger number of people.
Right now Bank of America, Capital One, Chase, Citibank and Wells Fargo feature rich banking apps, and they’re just a few in a growing field of choices. Most of the services these institutions offer are similar across the board: Users can quickly check their balances, view account activity, pay bills, make transfers and locate nearby ATMs and banking center locations.
But some banks are pushing the envelope. For instance, the Chase Mobile app lets users scan and deposit checks using their smartphone’s camera. They can also transfer money between two Chase accounts for instant payouts.
The Common Threats
Despite advancements in the sector, mobile commerce has not expanded as fast as expected. Security concerns are the main reason.
“This rapid development in mobile commerce means that storing more potentially sensitive data on a phone makes it more likely to attract a cybercriminal’s attention as a target for hacking or breaching into,” explained Nitin Bhas, a Juniper Research analyst who specializes in device security.
Bhas noted that increasing device sophistication accelerates the need for mobile security in several ways. “Hackers can gain access to sensitive information stored in the device such as account details or PIN codes used for mobile banking, transaction codes and credit card details,” he warned.
Some of the key dangers of mobile banking include device loss, phishing, malware and viruses and fraud.
Here’s what you need to know about each threat:
1. Stolen Smartphones
“The biggest security threat to smartphones is having them stolen or lost, and then not having any protection to hide or destroy the data stored in it,” Bhas said. Someone who steals a device gains access to unprotected data such as ATM personal identification numbers, mobile banking security codes, passwords and more.
Another danger in mobile banking is called phishing. “Phishing lets attackers acquire sensitive information such as passwords, bank details and other sensitive information by disguising fake applications, emails and SMS as genuine,” Bhas said. “Mobile phishing attacks are the most prevalent, as it is easy to implement and monetize the attack.”
Here’s how a phishing scam might work: Unsuspecting, you come across a website asking you to fill out typical details you might see on a form—username, password, your credit card details. Since the site looks and acts legitimate, you don’t question it. But it’s actually fake—and your information is being stolen by a third party at that moment.
In another type of cyberattack, malware may be unknowingly installed onto your device to leak sensitive information. Some particularly insidious software may even provide the attacker with full remote access to your device, Bhas said.
“Malware attacks are mostly auto-run applications which leak sensitive user information such as banking information,” he explained. “Spyware programs, on the other hand, could enable attackers to gather specific information including user names, passwords, credit card details, account details and even confidential files. A spyware program could also secretly monitor the user’s usage behavior.”
Users also must be aware of a multitude of other dangers related to mobile banking, including email, mobile and debit/credit card fraud.
Email fraud involves hoax messages disguised as offi cial communiqués from your bank. To bait you, these emails might say there is an urgent situation concerning your account that needs immediate attention, then instruct you to click a link back to a certain website. Even if you don’t enter any information, clicking the link can be enough to enable thieves to access your system and record your keystrokes.
On the mobile front, you may unwittingly be a victim of SMiShing, which are SMS messages from scam artists that appear to be from a legitimate company and usually contain a link that takes you to a spoof website or asks you to call a phone number.
How You Can Stay Safe
First and foremost, Bhas suggests downloading and installing some kind of mobile security application on your device. “Mobile security software is rapidly becoming as essential on a handheld as it is on a desktop or notebook computer,” he said. “The increasing popularity of smartphones and tablets makes this particularly relevant, as many users are now accustomed to performing online transactions on the move, thereby storing more and more potentially sensitive data.”
Juniper’s latest research shows that not even one in 20 smartphones and tablets has third-party security software installed, despite a steady increase in threats from online scammers, malware and viruses.
In general, both iOS and Windows Phone are at less risk than Android because they are more closed platforms, and both release prompt updates when security issues arise. Consequently, you won’t find many third-party security apps on iOS. On Windows Phone, users must rely exclusively on the platform’s built-in security features. And Android? Its open source nature means users need to be more wary of malware, which in turn means there’s no shortage of antivirus options.
Of the abundance of options, the feature-rich McAfee Mobile Security is worth a look. It’s a little steep at $29, but the app has the best Web console around, includes a handy SIM tracker feature that contacts you via email or text message when your device’s SIM card is removed and even offers unlimited online data backup. McAfee also includes the anti-theft and data protection features offered on other platforms.
Beyond installing a robust security suite, users should avoid unsecured and unauthenticated Wi-Fi or private networks and always double-check that they are not downloading an infected app or software. Even if an app seems to run properly on your device, there’s no telling whether a scammer has modified the source code before uploading the app to a public platform. One surefire way to make sure it’s not infected is to download apps and APKs only from trusted sources—that is, no file-sharing websites.
Another tip: Scrutinize permissions carefully before installing apps onto your device. Although Apple and Windows Phone are pretty strict when it comes to letting apps tap into system resources, Android users should be wary of functions that suspiciously go beyond the scope of what an app claims to do.
As mobile banking expands to greater frontiers, so do the risks and dangers associated with it. Awareness and consumer confi dence are on the rise. But as long as new ways of dealing with sensitive financial information are being invented, we must be increasingly vigilant to make mobile banking pay off.
- Mobile Security: The Risks and How to Protect Your Smartphone
- Android Security App Shootout
- Facebook Rolls Out Mobile Security Enhancements