Skip to content

Is Mobile Banking Safe?

2009 September 14

Mobile banking is a popular product that banks and credit unions are increasingly offering to their customers.

Many consumers are concerned about the safety of mobile banking, however. A January 2009 study by Javelin Strategy & Research found that 73% of consumers feared that hackers could remotely access their phones. As the number of mobile banking users increases, hackers are likely to targeting mobile banking solutions.

Mobile Banking CAN be as secure or more secure than traditional online banking. The safety of your money depends upon how your bank chooses to implement mobile banking. Like many other products, some mobile banking solutions are more secure than others.

The following are some key safety features to look for:

  • 128-bit Encryption – This means bad guys can’t look at the data flowing between your phone and your bank. Most solutions use the same type of protection web browsers use for online banking.
  • Bank protection in the event of fraud – Like online banking and debit cards, many banks promise to protect you in the event of a loss from a hacker attack on mobile banking. You need to read your bank’s terms and conditions carefully when you enroll for mobile banking to be sure.
  • Bank-specific username & password – Make sure the credentials you use to log into mobile banking are unique to your bank and are controlled by the bank and not a third-party. (See PIN Vault below).
  • Multi-factor authentication - This means the bank requires more than just a username and password to gain access to the system. This is often described as “something you have and something you know.” Often your phone itself is the additional “something you have.” This feature can make mobile banking more secure than many online banking products.
  • Lockout & timeout capabilities – Make sure you can disable access to your bank account if your phone is lost or stolen. Also make sure your session is automatically disconnected after a few minutes of inactivity.

Some things to watch out for:

  • SMS Links – Text based banking (also known as SMS) is very popular, but like email, hackers can trick you by sending fake messages that look like they’re from your bank but actually connect to computers controlled by the bad guys. Like email, never click on a link in an SMS message from your bank.
  • PIN Vaults – Some mobile banking solutions share the mobile banking username and password across multiple institutions. This is sometimes called a “PIN Vault.” While it makes it easier to log in, it can pose a significant risk. The PIN is often stored at a third-party location like the phone company or the software provider. The single PIN also would provide hackers access to ALL the accounts the PIN is works with if the hackers were able to break in.
  • SMS Transactions – There is no security around text (SMS) messages. Text messages are sent without any encryption. Imagine a text message like a note on a post card. Anyone near the message can see it. In fact, many people rarely delete text messages from their phone. Therefore, if bad guys were to get your phone, they could look at all the text messages you have sent or received. Make sure text messages have no sensitive information hackers can use to steal from you.
  • WAP 1.0 Mobile Internet Pages – Some older phones with web browsers use a technology called WAP 1.0. This technology turned out to have a security flaw dubbed “The WAP Gap” because the data was unencrypted and re-encrypted at points along the way. Most modern mobile web browsers now use newer technology.

Mobile Banking can be safe, convenient, and possibly even fun. However, make sure you are careful about the products you use and know your rights. Make sure you are absolutely certain of the identity of a web page before providing any sensitive information.

(I originally wrote this content as an article in Articles Base http://bit.ly/1MPuTa )

Be Sociable, Share!
3 Responses leave one →
  1. September 14, 2009

    The article at the following link http://www.bizcoachinfo.com/archives/1399 is the kind of misinformation that is driving bankers and consumers crazy about mobile banking.

    Just saying mobile banking is unsafe and scaring consumers (and bankers for that matter) doesn’t help anyone. Phishing (and Smishing) are real concerns. Bankers need to ensure their best practices help educate users that the real bank would never solicit private information via SMS or email.

    Bankers and mobile banking vendors also need to ensure their products are securely architected. Swearing off all mobile banking isn’t the answer.

  2. September 14, 2009

    Hi David – You are absolutely right – there is a lot of misinformation out there on the security of mobile banking. This is rather unfortunate since it only ends up hurting consumers who are waiting for their banks to offer real mobile banking services (like me).

    Thanks for the post. I will link to it from my blog.

  3. November 24, 2010

    David,

    As a forensic expert, I deal in concrete evidence and feel quite strongly that the mobile platforms and app developers have much work to do before they can provide a safe and secure environment. Our research has led to specifics which can be viewed here:

    http://viaforensics.com/appwatchdog/

    Hopefully this is useful for you and your viewers.

    Andrew Hoog
    viaForensics

Leave a Reply

Note: You can use basic XHTML in your comments. Your email address will never be published.

Subscribe to this comment feed via RSS