Best Practices for Maintaining Security When Mobile Banking

By Cindy J. Daddario

Jun 30, 2022

Even before the COVID-19 shutdowns, mobile banking was taking off. Thirty-three percent of bank customers used a mobile app before the pandemic, according to a survey conducted for the American Bankers Association. Today, 44% of bank customers use a mobile application.

But is mobile banking really secure? Bank fraud is popular with identity thieves, who steal personal identifying information, usually for profit.

Are mobile banking services secure?

Cybersecurity experts say mobile banking is safe, but urge consumers to take certain precautions.

“If you download the mobile app from a secure store, it’s as safe as going to a bank branch,” says Paul Benda, senior vice president for operational risk and cybersecurity at the American Bankers Association.

Benda says the safest place to download a mobile banking app is from your bank’s website.

“Banks use top-of-the-line encryption technologies that are extremely secure,” Benda says. “We like to say that mobile apps are like having a bank branch in your pocket.”

Beware of these types of cyberattacks

Fraudsters target consumers in multiple ways, but the FBI specifically cites two forms of cyberattacks:

1. App-Based Banking Trojans

These are hidden in unrelated applications such as games or tools that are downloaded by unsuspecting banking customers. These “sideload” apps, which are downloaded from unofficial sources, can conceal malware that is dormant until a user launches a legitimate banking app. Next, the Trojan creates a pop-up overlay that mimics the bank’s login page. When customers enter their username and password, they are seamlessly directed to the login page of the legitimate banking app, with no idea that they have been scammed.

“Malware can be downloaded in a variety of ways, such as via SMS (short message service or text) with a malicious hyperlink,” says Teresa Walsh, global head of intelligence at the Financial Services Information Sharing and Analysis Center (FS-ISAC), which mitigates cyber threats in financial services. “This type of malware is actually for sale on the criminal underground market.”

2. Fake banking apps

These apps pretend to be real mobile banking apps and are designed to trick users into entering their login credentials. The FBI says it is “one of the fastest growing areas of smartphone-based fraud”.

Should you use a mobile banking app?

If you’re worried about using a mobile banking app, be aware that security threats exist everywhere, including inside the bank lobby.

“There is a risk that the bank employee will do something illegal, such as stealing your banking information; this is called an insider threat,” says Donald Korinchak of CyberExperts.com.

With a mobile application, “there are potential vulnerabilities related to the security posture of the application itself – vulnerabilities in code, encryption methods, etc. – as well as potential vulnerabilities related to the transmission of information,” he said.

“In both scenarios, the bank is investing heavily to ‘integrate’ security,” Korinchak says. Financial institutions monitor the behavior of their employees and also look for vulnerabilities in their application that can be patched before they are exploited by criminals.

There are also precautions you can take to reduce the risk.

How to protect against mobile banking fraud

1. Download a verified banking application from your bank’s website.

Many banks provide app store links from their websites to help you download the right app. “Your bank should have information available about the type of mobile app it uses, what features it contains, and what you need to access it,” says FS-ISAC’s Walsh. “Next, use a reliable app store, paying attention to the owner/developer of the app and if there are other apps with the same name.”

Talk to your bank to be sure, but never download an app found on an open forum.

2. Make sure your bank uses two-factor or multi-factor authentication.

Two-factor or multi-factor authentication requires bank customers to prove their identity when logging into accounts by providing at least two credentials. This is usually a password or PIN plus a confirmation code texted to their mobile phone.

Two-factor authentication greatly increases security, Korinchak says, but isn’t 100% secure. “Someone could access your phone or someone could intercept SMS traffic to gain access to the code,” he says.

3. Use a strong password.

One of the best ways to protect yourself is to use a password that contains upper and lower case letters, numbers, and random symbols. Don’t ask your browser to remember it for you either; use a reputable password manager instead.

“Reputable password managers are coded in a way that reduces risk to the user and are highly hardened against potential attackers,” Korinchak says. “Most cybersecurity experts recommend password management software.”

4. Avoid using public Wi-Fi.

When you connect to a public Wi-Fi hotspot, you’ll often get a warning that you’re not on a secure network and other people may be able to monitor your online actions. This is a good reason not to conduct financial activities using a public network. Instead, use your cellular network or home Wi-Fi to better protect your personal information.

5. Be smart about phishing and smishing.

Phishing emails often appear legitimate, as if they are actually from your bank or credit card issuer. But identity thieves use them to trick people into divulging personal information, and they can contain malware.

Smishing is the same tactic, but carried out by SMS.

“Users should be familiar with their banking app first to spot abnormal questions or pop-ups that are slightly different from normal functionality,” Walsh says.

6. Set up alerts via email, SMS or through the bank app.

Prompt notification from your bank regarding transactions on your account can help you detect potential fraudulent activity. You can then resolve the problem with your bank as soon as possible.

How banks protect their customers from cyber threats

Banks, credit unions, and investment firms are investing heavily to protect against cyberattacks.

“I think it’s safe to say that banks are spending billions to protect customer accounts,” says ABA’s Benda. “Because of Regulation E, they are on the hook if there is an attack.”

Regulation E limits consumer liability to $50 if an unauthorized electronic funds transfer is detected by a customer within two business days, and up to $500 if detected outside the two-day window. Financial institutions are liable for anything over this amount.

“Banks have very robust controls in place to control fraudulent activity,” Benda says. “A lot depends on consumer behavior, making sure consumers are following safe practices.”

The bottom line

Banks spend a lot of time and money protecting their digital operations (including mobile apps) and their customers from theft and fraud. Customers should also do their part to best protect themselves against attacks by adopting safe mobile banking habits.