Best Security Practices for Mobile Banking
Mobile banking has been around for a while now, but as banks roll out more and more features—like check deposits by phone—and people become more comfortable with mobile banking, the number of users continues to increase.
Juniper Research has predicted that more than 3.6 billion worldwide users will be banking on a mobile device by 2024. That’s a lot of people and a lot of targets for would-be criminals and professional hackers.
You can keep your mobile device safe by understanding how hackers access your phone as well as security practices to keep your information safe.
The first thing you need to know is how hackers and criminals operate to get your banking information. That way, you can more easily defend yourself against attacks.
Malicious software (also called malware) can log anything you input into your phone–including passwords, numbers, and account names. Then, this software sends this information to the hacker. This can expose all of your accounts and passwords to people with bad intentions.
Mobile ransomware is a malware method that uses an app to hold your phone ransom until you give the hacker the information they want. You install an app that looks legitimate, and when you run it, it encrypts your information so that you can't access it. The app locks your phone with a custom screen and asks you to pay to get your data and information back.
When you use a mobile banking app, the app communicates with the bank or the credit union and verifies the institution's identity. In a man-in-the-middle attack, hackers “pose” as the bank and attempt to send the banking app you’re using a counterfeit bank server certificate that allows them access to your accounts.
Most banking apps have many built-in security features, but the best defense starts right on your phone. Use passwords that are tough to guess—don’t use “password” or “123456.” A password that is at least six digits works the best, and it needs to be random as well as include both upper and lower case letters, numbers, and special characters.
It’s good to keep in mind that public Wi-Fi is not protected. Your data is not secure on a public network. If you want to connect to your bank while out and about, it’s a good idea to use your cellular network instead of a Wi-Fi hotspot because this is a more secure option and your data will be better protected.
Your data network adds an extra layer of protection. Anyone who wants to hack your banking software directly from your phone will have to go through two layers of protection—both your phone password and the banking app—rather than just a single layer.
If your phone is stolen or lost, saved passwords and PINs in your browser can give someone a ticket straight into your bank account. If you want to save usernames and passwords on your phone, it’s better to do it in an encrypted app that requires a password or fingerprint for authentication. Using a password app allows you to create different passwords for every site you use.
Phones get lost sometimes. They get dropped or left behind, and it’s not always easy to remember where that happened. A phone-finding app can help you figure out where you left your phone so that you can retrieve it before anyone else gets to it. You install it on a separate phone or tablet and connect the two. Many operating systems have this built in.
You can install an app that erases the contents of a lost phone. These are often referred to as “kill switch” apps, and there are several of them on the market for both the iPhone and the Android systems. These apps will remotely erase a phone’s data if you can’t find your phone with a finder app. This makes sure your data doesn’t get into the wrong hands. Many operating systems have this as well.
There are plenty of third-party apps you can use, but apps from your app store are less likely to contain malware and more likely to be honestly vetted by the marketplace.
Phishing is still a favorite for criminals looking to exploit your information. Phishing comes from the idea of fishing because "bait" is used. Phishing bait is sent by text message, email, or private message.
Hackers will contact you by email, phone, or text and pose as a trusted institution to get your bank information. They will often send you to sites that look like banking sites or ask you for account details.
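Links to sites that only look like banking sites can be checked mechanically before they are opened. The following Python code is an added example, not part of the original article: it accepts a link only when it uses HTTPS and its real host is the bank's own domain or a subdomain of it. The domain `mybank.example`, the function name `check_bank_link`, and the sample links are assumptions constructed for illustration.

```python
from urllib.parse import urlsplit

# Assumption: "mybank.example" stands in for the bank's real domain.
OFFICIAL_DOMAINS = {"mybank.example"}


def check_bank_link(url, official=OFFICIAL_DOMAINS):
    """Return (trusted, reason) for a link received by email, text or message."""
    try:
        parts = urlsplit(url.strip())
        host = (parts.hostname or "").rstrip(".")
    except ValueError:
        return False, "malformed URL"
    if parts.scheme != "https":
        return False, "not HTTPS"
    if parts.username or parts.password:
        # In https://mybank.example@other.test/ the real host is other.test.
        return False, "text before '@' hides the real host"
    if not host:
        return False, "no host"
    labels = host.split(".")
    if not host.isascii() or any(l.startswith("xn--") for l in labels):
        return False, "look-alike characters in host"
    for domain in official:
        # Exact match or a true subdomain; "notmybank.example" does not pass.
        if host == domain or host.endswith("." + domain):
            return True, "host belongs to " + domain
    return False, "host is not an official bank domain"


# Constructed sample links, for illustration only.
SAMPLES = [
    "https://www.mybank.example/login",
    "https://mybank.example.account-verify.test/login",
    "https://mybank.example@other.test/",
    "https://notmybank.example/",
    "http://mybank.example/",
    "https://myb\u0430nk.example/",  # Cyrillic "a" in place of Latin "a"
]

if __name__ == "__main__":
    for link in SAMPLES:
        trusted, reason = check_bank_link(link)
        print("OK   " if trusted else "BLOCK", link, "->", reason)
```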
Overall, mobile banking has a strong safety record. It’s always wise to take precautions and be aware that a small number of determined people out there would like to steal your information for their gain.