As smartphones have become more capable, many people have begun to use them as a banking tool. Logging in to a bank account on-the-go is much easier and quicker via mobile data than any other method, and alerts can be sent directly to a user’s phone to keep them informed of major transactions and changes.
These benefits, however, may come at the cost of security. Smartphones are the wild west of malware, and while they’ve proven to be relatively safe, many users have unanswered questions and concerns. Could a new virus strike? Is 4G secure? And can a stolen phone compromise a bank account?
Stay Safe On 3G/4G, Avoid Unsecured Wi-Fi
Wi-Fi has a lacklustre reputation for security. While most users on secured connections are safe most of the time, the same is not true for those logging in via an unsecured connection. Many users wonder, then, whether 3G or 4G mobile data is also a cause for concern.
Put simply: no. All the major data carriers secure their mobile data connections with authentication and encryption methods that could theoretically be compromised, but have not been shown to be insecure. At DEF CON 19, for example, an apparent attack occurred against 4G and CDMA transmissions, but claims about the attack’s effects have not been substantiated, and no one claimed credit. Other potential flaws have been claimed, but have not been demonstrated.
Ultimately, 3G and 4G can be considered as secure as a connection could be, and anyone doing mobile banking would be wise to rely on mobile data rather than Wi-Fi.
Keep Your Phone Secure To Keep Your Banking Secure
The smartphone itself is more likely to produce a security flaw that might compromise your banking. While iOS malware remains rare and is usually pulled from the App Store shortly after it’s discovered, Android has been assaulted by numerous attacks, and their numbers grow with each month.
Your banking can only be as secure as your device, so keeping malware off your phone is absolutely critical. All users should be wary of apps not obtained from an official app store, keep away from unsolicited text messages which contain links, and monitor their data usage for inconsistencies. In addition, Android users should seriously consider an antivirus app.
Physical access to your phone can be an issue, too, and may even be the more serious risk. While malware is still relatively rare, old-fashioned fraud is not. No one likes to think they might be robbed by a disgruntled friend, co-worker or family member, but if someone can hold your phone unattended for more than a few minutes, they may be able to compromise your accounts. A simple PIN or unlock pattern, available by default on all major smartphone platforms, is an absolute must-have.
Use Your Bank’s App
Everyone who accesses their accounts via smartphone should use the app provided by their bank or credit card company. This is an advantage because it negates all of the browser vulnerabilities and phishing tricks that attackers commonly use to try to steal account information.
There’s just one worry: fake apps. Sometimes a malicious app will find its way onto Google Play or (more rarely) iOS and temporarily pose as the real thing. The fake is most likely malware, designed to steal user ID and password information when it’s entered.
Fake banking apps generally don’t last long when posted, but even so, users should check an app’s information before downloading it. Look for any inconsistencies, such as an unusually low number of reviews or a strange publisher name. If in doubt, don’t use it.
Know What To Do If Your Phone Is Stolen
While a PIN or unlock pattern is nice, it can’t always be relied on to protect your phone if someone steals it. Many phones have flaws that make it possible to bypass the lock screen in some way; some take a few moments, some take a half-hour. Either way, a thief can try whatever they like at their leisure. The key is to have a plan.
If you have an iPhone running iOS 5 or later, you already have access to a service called Find My iPhone. You can access this by going to www.icloud.com/find and logging in with your Apple account. To wipe a device that has been lost, go to Devices, select the iPhone (or iPad) and click Erase. Alternatively, if you think the phone is just lost but not stolen, you can put it into “Lost Mode”, which locks down the device and asks anyone who finds the phone to call a specific number.
Android just received its own remote wipe feature, which works through Google’s Android Device Manager website. A list of found devices will be displayed, and any device on your account can then be selected to bring up the option to wipe it. This feature works with devices that have Android 2.2 or newer and the Device Policy app.
Even if you do wipe your phone, it’s a good idea to change all of your online banking passwords. That includes bank accounts, credit cards, saving accounts, online trading apps, and anything else where you stand to lose something.
Turn Your Phone Into A Security Tool
While a smartphone does represent a new point of access for malware and criminals, it also can be a valuable tool to protect you. A locked phone running antivirus can be a boon to security.
Simple SMS or email alerts about account activity, now available at most banks globally, can be a tremendous boon for account security. Depending on the bank, they might alert you about unusually large transactions, transactions from an unusual location, or simply tell you someone has logged in to your account.
All of these tools are invaluable, as they’ll help users detect fraud when it occurs. Even checking accounts daily on a PC won’t be as effective, particularly for people who keep a “backup” credit card or savings account and don’t regularly check its balance.
Another potential safety feature is smartphone payment. Paying via an app on a phone, rather than with a card, does open up some interesting new threats. But it also closes many others. Card skimmers are no longer a worry, cards can be kept at home (or in your pocket, making them less likely to go missing) and a stolen phone is much easier to find or wipe than a credit card, which is almost certainly gone for good the moment a thief grabs hold of it.
Unfortunately, paying via smartphone has yet to fully catch on, so most people won’t be able to use it as a real alternative to carrying cards. Some Android phones are NFC payment-ready, and for iPhone owners options like the iCarte exist, though you’ll need an app such as one from your bank to make any use of it. Perhaps within a few years the world will be better prepared for mobile payments.
Overall, smartphone banking shouldn’t pose a worry. As long as you take some basic steps, most of which are not different from those you’d take to secure a PC, you can enjoy on-the-go banking without exposing yourself to significant risk.
Have you had any trouble with fraud or loss as a result of online banking? What are your top security tips? Help us beat the bad guys by adding your thoughts below.