Mobile banking apps let us pay our bills, check account balances and deposit checks right from our smartphones – all of which can save trips to the bank and make life a bit easier. However, security concerns about using these apps abound and shouldn’t be taken lightly.
Mobile banking is still a relatively new practice that carries numerous risks, including malware in apps, fake banking apps created by fraudsters, data hacking on public Wi-Fi networks, and all the issues that can arise if you lose your smartphone.
While financial institutions need to step up their efforts to ensure mobile banking safety, there are a few things consumers can do to help themselves. Here are some of the biggest security concerns with banking apps and tips on protecting yourself:
Nine out of 10 iPhone and iPad mobile banking apps tested by IOActive Labs Research contained several links throughout the application that did not use Secure Sockets Layer (SSL), which means information transmitted over those links is not private and can be seen by others.
Another IOActive study found that 40% of the apps tested didn’t validate SSL certificates, which makes them vulnerable to “man-in-the-middle” attacks. In this kind of attack, an attacker intercepts and retransmits messages between two victims, potentially stealing valuable information from both.
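As an added illustration (not IOActive's tooling or code from any bank's app), the Python sketch below automates the two checks described above the way an app reviewer might: flagging links that do not use SSL/TLS, and reporting a client configuration that does not validate the server's certificate. The function names and sample strings are constructed for this example.

```python
import re
import ssl

# Constructed sample: strings as they might be extracted from an app bundle.
SAMPLE_STRINGS = [
    "https://api.examplebank.test/v1/login",
    "http://cdn.examplebank.test/help/faq.html",
    "Loading http://ads.example.test/banner?id=7 ...",
    "wss://push.examplebank.test/socket",
]

URL_RE = re.compile(r"\b(https?|wss?|ftp)://[^\s\"'<>]+", re.IGNORECASE)
CLEARTEXT_SCHEMES = {"http", "ws", "ftp"}  # schemes that carry data unencrypted


def find_cleartext_links(strings):
    """Return every URL whose scheme sends data without SSL/TLS."""
    hits = []
    for s in strings:
        for m in URL_RE.finditer(s):
            if m.group(1).lower() in CLEARTEXT_SCHEMES:
                hits.append(m.group(0))
    return hits


def audit_tls_context(ctx):
    """List the ways an ssl.SSLContext fails to authenticate the server."""
    problems = []
    if ctx.verify_mode != ssl.CERT_REQUIRED:
        problems.append("certificate chain is not verified")
    if not ctx.check_hostname:
        problems.append("hostname is not checked against the certificate")
    return problems


def weak_context():
    """Client settings that accept any certificate (the flaw described above)."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = False       # must be cleared before verify_mode
    ctx.verify_mode = ssl.CERT_NONE
    return ctx


def strict_context():
    """Library defaults: verify the chain and match the hostname."""
    return ssl.create_default_context()
```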
It’s generally a bad idea to use a mobile app on a public Wi-Fi network, since mobile apps don’t have a visible indicator like “https” in the Web address, which signals a private connection, according to the Federal Trade Commission (FTC).
“Most café and hotel WiFi is insecure, allowing anyone with the right know-how to hijack your traffic and steal your information,” says Greg Kraynak, chief executive of Cellhire, a mobile communications company.
“Other problems include rogue hotspots with names like ‘Free Public Wi-Fi’ tricking people into connecting to what they think is a legitimate hotspot,” Kraynak says. “Cyber criminals set these up to steal information from unsuspecting users.”
It’s probably best to avoid banking while using a public Internet connection. But if you don’t have a choice, you should use the bank’s mobile website rather than its mobile app over an unsecured wireless network.
Watch out for fake mobile banking apps loaded with toxic malware. You don’t want to download one of these by mistake.
In 2011, Google pulled over 50 malware-infected apps from its Android market.
And more recently, a data-stealing fake bank app cropped up in Google Play and was removed soon after. The program copied an Israeli bank’s app and aimed to steal users’ login information, according to a report by mobile security company Lookout in San Francisco.
To protect yourself, use official banking apps from your financial institution’s website or through Apple’s App Store. Most financial institutions have a link to a page with their official app where it’s described and can be downloaded.
Still, smaller banks and credit unions might have apps that aren’t as secure as those from larger organizations. Smaller companies tend to use third-party developers who are less experienced and whose security features aren’t always up to par, says Domingo Guerra, president of the mobile security company Appthority.
“Larger banks have the resources and manpower to develop their own apps, and they can build tighter security into the technology,” Guerra says. “Third-party developers don’t want to build the app from scratch, so they can re-use parts of other apps they’ve built in the past, which introduces other risks in the app itself.”
User ratings are a good way to know what users think about the app, but in general, Guerra says he’s seen better security in those from larger financial institutions. So if you belong to a smaller bank or credit union, you may just want to do your banking by computer or in person.
Losing your phone
Losing a smartphone or tablet with your banking information stored on it is like losing your wallet, as it can result in fraudulent debit and credit card charges, stolen bank account information and identity theft.
“We’ve also seen mistakes where apps don’t log-off automatically,” Guerra says. “So, if you log onto your app and later lose your phone, whoever finds your phone can open the app and still have a session active.”
This is why locking your cellphone is critical, so set up a four-digit PIN that locks the phone or tablet when it’s not being used.
If you can’t recover the phone soon enough, Guerra recommends wiping the phone remotely so you prevent the possibility of thieves gaining access to sensitive data. Both iOS- and Android-based devices give users this ability, Guerra says.
You should also notify your financial institution of the situation if you lose your phone, and monitor your accounts to spot any signs of fraud. If you detect any suspicious activity, notify the bank, credit union or card company involved as soon as possible. If you’ve been victimized, report it.
The bottom line is mobile banking comes with some risks, but by taking a few simple safety measures, you can lessen the risks significantly.
“[Smartphones] are very powerful computers in our pockets, they’re on 24/7 and they know a lot about us,” says Guerra. “So when we lose them, it’s a big risk. But even when we don’t lose them, we should remember that they are computers and they have risks as well, and they’re not immune to these risks.”