How to keep your mobile banking safe
A lot of it depends the bank, but there are things customers can do as well.
As people increasingly do their banking on mobile devices, concerns about digital security have come to the forefront.
Here are some tips to help ensure your mobile banking is as secure as possible.
While many security issues are in the hands of your bank, experts say there are several measures you can take on your own to keep things safe.
Enable multifactor authentication
Two-factor or multifactor authentication ensures that no one can gain access to your account with your password alone. The second level of authentication is often a code that is sent to your phone. It’s a quick and easy way to help protect your banking information from being hacked.
But even authentication codes sent via text message aren’t entirely secure, as hackers can gain control of your phone through a so-called SIM swap, in which they convince your wireless carrier to transfer your phone number to a new SIM card. They then receive the codes and can use them to access your account if they’ve also managed to steal your password, says Arvind Narayanan, an associate professor of computer science at Princeton University whose research focuses on information privacy and security.
“Instead,” Dr. Narayanan says, “using an authenticator app is a more secure second factor.” These apps generate a code, which changes regularly and can be used to unlock your accounts. Since the codes only appear on your device, they can’t be stolen in a SIM swap.
Apply software updates promptly
It might seem onerous, but it’s a good idea to update your phone as well as any banking apps you might use, so you are not vulnerable to malware that could steal your information. It often isn’t clear what exactly you are protecting yourself against when you update your software, says Will LaSala, director of security solutions at cybersecurity company OneSpan. But that’s because software providers don’t want to reveal the software’s vulnerabilities, he says. So, you should make all updates as they become available, even if you aren’t sure why they’re needed.
When you install a new app, it’s tempting to allow it to access whatever it asks permission for, so you don’t have to think about it. But you should be wary of doing that, particularly for banking apps, as hackers can exploit those permissions to gain access to your personal information.
Check your app’s permissions
You shouldn’t download banking apps—or any apps, for that matter—if you come across them in a third-party app store, where bogus versions of official apps are “rampant,” says Michael Covington, vice president of product strategy at Wandera, a mobile security solution developer.
Only install apps from official channels
Mr. Covington adds that you should be careful not to be fooled into installing any extras, such as developer certificates or profiles, which could allow developers to inspect your internet traffic or install other apps on your device.
How they are used
Consumers who use mobile-banking apps access them for different things, with some performing only a couple of tasks. Here's how U.S. adults with a bank account and phone use banking apps:
Banking App Acceptance
Concerns about security were foremost in the minds of respondents to a 2016 international survey who said they weren’t likely to use mobile-banking services.
Top Reasons for Not Mobile Banking, by Generation
*Respondents who reported doing one or more mobile banking tasks as opposed to being “general users” of mobile bankingSources: Federal Reserve 2015 Mobile Survey (Use); Nielsen Co. (Reasons not)
Check your bank’s website
Though you may do most of your banking via an app, it’s also a good idea to log in to your bank’s website on occasion, according to Mr. Covington. Doing so typically lets you see the last several logins to your account, so you can see if there has been any unauthorized activity.
Also, he says, “many banks are now identifying known attacks against mobile users in the fraud section of their web portals" — information you can use to remain vigilant against the latest methods being used by hackers.
Don’t use public wireless networks
Try to avoid logging in to any banking apps over public Wi-Fi, where hackers can easily dangle rogue wireless networks that can gain access to your traffic. It’s always a safer choice to use your device’s cellular data, says Brian Reed, chief marketing officer at mobile app security company NowSecure. As it is “incredibly difficult” to steal data over a cellular connection.
“When in doubt, stay connected to the cell tower,” he says. If you choose to use a mobile hotspot instead, he adds, use a VPN, or virtual private network, so you can encrypt your traffic.
See that your financial apps adhere to regulatory standards
Be careful about which apps you use to keep track of your finances, says Mr. Reed. While there are a number of apps aside from your main banking app that can help manage your expenses and keep an eye on your personal finances, they may not have the same reporting requirements that commercial banks do. So you should only go with credible companies—and take the same security measures that you would with your main banking app.
Be careful about which apps you use to keep track of your finances, says Mr. Reed. While there are a number of apps aside from your main banking app that can help manage your expenses and keep an eye on your personal finances, they may not have the same reporting requirements that commercial banks do. So you should only go with credible companies—and take the same security measures that you would with your main banking app.
Use a password manager
It’s a good idea to use a different password for every website you patronize. If you aren’t willing to do that, you should at least use a long, complex password for your banking app that is different from every other password you have.
This will help ensure that if your other passwords are compromised, hackers won’t be able to use them to access your account. To keep track of everything, you would do well to use a password manager, says Jeremy Gillula, tech projects editor at the Electronic Frontier Foundation, which advocates for digital privacy.
Such managers store your passwords directly on your device or in encrypted form in the cloud, making them difficult to hack. If you want to take your digital security one step further, Mr. Gillula says, you can use the password manager to make up random password-recovery questions—which you can also write out on a piece of paper, stored in a secure location, should you have any concerns that the password manager won’t work when you need it to.
This infographic was designed by Avalaunch Media
