Is Mobile Banking Safe?
Mobile banking is a popular product that banks and credit unions are increasingly offering to their customers.
Many consumers are concerned about the safety of mobile banking, however. A January 2009 study by Javelin Strategy & Research found that 73% of consumers feared that hackers could remotely access their phones. As the number of mobile banking users increases, hackers are likely to targeting mobile banking solutions.
Mobile Banking CAN be as secure or more secure than traditional online banking. The safety of your money depends upon how your bank chooses to implement mobile banking. Like many other products, some mobile banking solutions are more secure than others.
The following are some key safety features to look for:
- 128-bit Encryption – This means bad guys can’t look at the data flowing between your phone and your bank. Most solutions use the same type of protection web browsers use for online banking.
- Bank protection in the event of fraud – Like online banking and debit cards, many banks promise to protect you in the event of a loss from a hacker attack on mobile banking. You need to read your bank’s terms and conditions carefully when you enroll for mobile banking to be sure.
- Bank-specific username & password – Make sure the credentials you use to log into mobile banking are unique to your bank and are controlled by the bank and not a third-party. (See PIN Vault below).
- Multi-factor authentication - This means the bank requires more than just a username and password to gain access to the system. This is often described as “something you have and something you know.” Often your phone itself is the additional “something you have.” This feature can make mobile banking more secure than many online banking products.
- Lockout & timeout capabilities – Make sure you can disable access to your bank account if your phone is lost or stolen. Also make sure your session is automatically disconnected after a few minutes of inactivity.
Some things to watch out for:
- SMS Links – Text based banking (also known as SMS) is very popular, but like email, hackers can trick you by sending fake messages that look like they’re from your bank but actually connect to computers controlled by the bad guys. Like email, never click on a link in an SMS message from your bank.
- PIN Vaults – Some mobile banking solutions share the mobile banking username and password across multiple institutions. This is sometimes called a “PIN Vault.” While it makes it easier to log in, it can pose a significant risk. The PIN is often stored at a third-party location like the phone company or the software provider. The single PIN also would provide hackers access to ALL the accounts the PIN is works with if the hackers were able to break in.
- SMS Transactions – There is no security around text (SMS) messages. Text messages are sent without any encryption. Imagine a text message like a note on a post card. Anyone near the message can see it. In fact, many people rarely delete text messages from their phone. Therefore, if bad guys were to get your phone, they could look at all the text messages you have sent or received. Make sure text messages have no sensitive information hackers can use to steal from you.
- WAP 1.0 Mobile Internet Pages – Some older phones with web browsers use a technology called WAP 1.0. This technology turned out to have a security flaw dubbed “The WAP Gap” because the data was unencrypted and re-encrypted at points along the way. Most modern mobile web browsers now use newer technology.
Mobile Banking can be safe, convenient, and possibly even fun. However, make sure you are careful about the products you use and know your rights. Make sure you are absolutely certain of the identity of a web page before providing any sensitive information.
(I originally wrote this content as an article in Articles Base http://bit.ly/1MPuTa )