Two-thirds of Americans use mobile or online banking as their main way to access their accounts. If you belong to that group, chances are you lean heavily on a smartphone or computer to pull up your bank information. But both gadgets also happen to be popular targets for online fraudsters itching to infiltrate your accounts.
Could one of these devices better protect you from fraud than the other? We put the question to three security experts.
Kyle Marchini, senior analyst in fraud management with research-based advisory firm Javelin Strategy & Research: "I give bank apps on mobile devices the edge when it comes to safety,” Marchini says. With computers, he says, it is easier to inadvertently download malware from hackers.
For example, malware keylogger programs might be secretly installed as part of a download from a nonsecure webpage. These programs record keystrokes when you enter your username and password on a bank site, then send that information to a hacker.
With mobile apps, users have to manually agree to downloads from the device’s approved app store. That makes it harder to mistakenly download malicious programs that can spy on you while you’re banking, Marchini says.
A caveat: Avoid logging in to your bank account using public Wi-Fi. You don’t know who has access to the network traffic and whether they can view the data you send. For better online banking security, Marchini advises using your cellular network.
A pro tip: Skip the mobile browser and use your financial institution’s official app instead. There’s less chance of you navigating to a fake bank site that way, Marchini says. As legit as some fake pages may look, they are actually so-called “phishing” attempts from hackers that can trick you into submitting your passwords or other personal information.
Use a screen lock, too. That way, others can’t access your data if your device is stolen.
Jason Glassberg, co-founder of cybersecurity firm Casaba Security: “Either computer or smartphone could be appropriate, depending on your location,” Glassberg says. If you’re at a hotel or library and need to take care of a banking task, you are safer using your smartphone connected to cellular data than you would be using a public computer on an unfamiliar network, he adds, echoing Marchini’s advice.
But if you are at home on your secure private network and are using anti-virus protection, using your computer might suit you better. “Chances are it is a lot easier to make a funds transfer on a large computer screen than a small mobile one,” Glassberg says.
A caveat: Clicking on unfamiliar links can bring trouble, no matter the device. Approach links from unknown email or text sources with caution — they could be connected to malware or phishing scams.
A pro tip: Avoid digital banking on smartphones that have modified operating systems, such as jailbroken devices for Apple phones and rooted devices in the case of Androids. These smartphones have intentionally sidestepped security to give people access to apps that haven’t been approved by app stores, Glassberg says.
Because protections have been removed, the third-party apps might contain malware. They might, for example, be able to spy on your mobile phone activity, including your use of banking apps.
Randal Wolverton, a certified public accountant who serves on the American Institute of CPAs’ Forensic and Litigation Services fraud task force: “My preference is to bank with computers in a secure environment, as thieves may find smartphones more attractive to attack,” he says.
Since smartphones travel with you, they give fraudsters unique opportunities. If a customer is standing in line at a grocery store and decides to check her bank balance on her phone, someone could be looking over her shoulder and guess the password. That kind of situation is unlikely to arise when banking on a computer at home, Wolverton says.
A caveat: Stay up to date with computer security releases. Otherwise, your computer bank transactions could still be exposed, Wolverton says.
A pro tip: Team up with your bank. Take advantage of two-factor authentication and sign up for fraud alerts. Together, you can work to help make sure your accounts are safe and protected.