Best Security Practices for Mobile Banking
Mobile banking has been around for a while now, but as banks roll out more and more features – like check deposits by phone – and people become more comfortable with banking on their mobile phones, the number of mobile banking users keeps going up.
Juniper Research is predicting that over 3 billion users worldwide will be banking on a mobile device by the year 2021. That’s a lot of people and a lot of targets for would-be criminals and professional hackers. So, the question is, how do you keep yourself safe when banking from your phone?
The first thing you need to know is exactly how hackers and criminals operate to get to your banking information. That way you can more easily defend yourself against attacks.
There are usually three basic ways that criminals try to access the data on your mobile phone. Although this isn’t an exhaustive list, it can give you a basic idea of what to look out for.
3 Ways Criminals Try to Access Data on Your Mobile Phone
- Spying on your Keystrokes: Malicious software (also called malware) can log anything you input into your phone – including passwords, numbers, and account names. Then this software sends this information to the hacker. This can expose all of your accounts and passwords to people with really bad intentions and the ability to execute on those bad intentions.
- Man In The Middle Attacks: When you use a mobile banking app, the app communicates with the bank or the credit union and verifies the identity of the institution it’s communicating with. Hackers will sometimes “pose” as a bank and attempt to send a counterfeit bank server certificate to the apps that you’re using – allowing them access to your accounts.
- Phishing: This scam has been around forever, but it’s still used all the time by hackers because it works. Hackers will contact you by email, phone, or text (or any other way they can think of getting a hold of you) and pose as a trusted institution in order to get your bank information. They will often send you to sites that look like banking sites or ask you for account details.
Now that we know some of the most common ways hackers will try to steal your information, let's take a look at some best security practices for mobile banking you can use to keep yourself safe.
10 Ways to Protect Yourself from Mobile Banking Scams and Hacks
- Use a Strong Password: Most banking apps have lots of built-in security features, but the best defense starts right on your phone. Use passwords that are tough to guess (don’t use “password” or “123456”). A password that is at least 6 digits works the best and it needs to be random, including lower and upper case letters, numbers, and characters.
- Use Your Cellular Data or Home Wi-Fi – Never Public Wi-Fi: It’s good to keep in mind that public Wi-Fi is... public. Your data is not secure on a public network. If you want to connect to your bank while out and about, it’s a good idea to use your cellular network instead of a Wi-Fi hotspot because this is a more secure option and your data will be much better protected.
- Use a Phone-Finding App: Let’s face it. Phones get lost sometimes. They get dropped or left behind and it’s not always easy to remember where that happened. A phone-finding app can let you figure out where you left your phone so that you can retrieve it before any bad person gets to it. You install it on a separate phone or tablet and connect the two together. Many operating systems have this built in.
- Install an App that Erases the Contents of a Lost Phone: These apps are often referred to by the James Bond sounding name of “kill switch” and there are several of them on the market for both the iPhone and the Android systems. These apps will remotely erase a phone’s data if you can’t find your phone with a finder app. This makes sure your data doesn’t get into the wrong hands. Many operating systems have this built in as well.
- Only Use Official Apps from the App Store: There are plenty of third-party apps you can use, but apps from your app store are less likely to contain malware and more likely to be honestly vetted by the marketplace.
- Keep Your Apps Updated: Most apps have a high degree of safety, but when apps are vulnerable, they often get an update from the vendor. Make sure you keep your apps and your phone software updated for maximum security.
- Log Out After You Use Online Banking Software: This adds an extra layer of protection so that anyone who wants to hack your banking software directly from your phone will have to go through two layers of protection (both your phone password and the banking app) rather than just a single layer.
- Don’t Save Passwords or Usernames in Your Browser: If your phone is stolen or lost, saving this information in your browser can give someone a ticket straight into your bank account. If you want to save usernames and passwords on your phone, it’s better to do it in an encrypted app like LastPass that requires a password or fingerprint for authentication. Also, using a password app allows you to create different passwords for every site you use which is highly recommended.
- Use Facial Recognition and Fingerprint Technology: Facial recognition and fingerprint technology are pretty cool, and they're extremely secure. More and more phones are offering this technology and you should seriously consider making this your default log-in method over using a password.
- Know what Phishing Looks Like: As discussed above, this is still a favorite of criminals looking to exploit your information. Phishing comes from the idea of fishing because both things deploy bait to get what they want. Phishing bait can be sent by text message, email or private message. It can send you to a link that looks a lot like your bank's website (called spoofing) or ask directly for your private information.
If you aren’t sure whether an email, text or website is a phishing attempt, it’s a good idea to call your home institution to find out. They’ll be able to let you know.
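To make the "link that looks a lot like your bank's website" point concrete, here is an added example (not part of the original article) that checks which site a link really points to and flags common lookalike tricks. The bank domain `examplebank.example`, the sample links, and the function names are all made up for illustration.

```python
import difflib
from urllib.parse import urlsplit

# Assumption: the bank's real domain, taken from a card or statement (placeholder).
TRUSTED = {"examplebank.example"}
# Digit-for-letter swaps often used to imitate a name.
SWAPS = str.maketrans({"0": "o", "1": "l", "3": "e", "5": "s"})

def looks_like(host, domain):
    """True if any label of host imitates the bank's name."""
    name = domain.split(".")[0]
    for label in host.split("."):
        plain = label.translate(SWAPS).replace("-", "")
        close = difflib.SequenceMatcher(None, plain, name).ratio() >= 0.85
        if name in plain or close:
            return True
    return False

def check_link(url, trusted=TRUSTED):
    """Return (verdict, reason) for a link received by email or text."""
    try:
        parts = urlsplit(url.strip())
        host = (parts.hostname or "").rstrip(".").lower()
    except ValueError:
        return "suspicious", "malformed link"
    if parts.scheme != "https" or not host:
        return "suspicious", "not an https web link"
    if parts.username is not None:
        # In https://bank@other-site/ the real site is what follows the '@'.
        return "suspicious", "text before '@' is not the site name"
    if not host.isascii() or "xn--" in host:
        return "suspicious", "non-ASCII lookalike characters in the site name"
    for domain in trusted:
        # Only the exact domain or a true subdomain counts as the bank.
        if host == domain or host.endswith("." + domain):
            return "trusted", "site is " + domain
    if any(looks_like(host, d) for d in trusted):
        return "suspicious", "imitates the bank's name but is a different site"
    return "unknown", "not the bank's domain"

if __name__ == "__main__":
    # Constructed sample links, not taken from any real message.
    for link in ("https://www.examplebank.example/login",
                 "https://examplebank.example.account-verify.test/login",
                 "https://examp1ebank.example/",
                 "https://examplebank.example@203.0.113.7/login"):
        print(link, "->", check_link(link))
```

A "trusted" verdict only means the link points at the bank's own domain; it says nothing about whether the message that carried it is genuine.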
Overall, mobile banking has a strong safety record. It’s always wise to take precautions and be aware that there are a small number of determined people out there who would like to steal your information for their own gain (and your loss).