With mobile apps now offered by virtually all financial institutions, more people are choosing mobile banking as their preferred means of banking. In the U.S. alone, over 75% of Americans used mobile banking apps in some form in 2019, with studies of financial data suggesting that mobile banking has surged dramatically in 2020 and will continue to surge in upcoming years.
This has led many to question how secure mobile banking really is, especially in light of the rise in cyber attacks in recent years. In this article, we cover mobile banking security as well as some best practices you can take to ensure a secure mobile banking experience.
How mobile banking works
At its core, mobile banking is a service provided by banking or financial institutions that allows customers to make financial transactions on a mobile device (e.g., a mobile phone or tablet). Mobile banking is typically app-based, meaning that most banks have apps that customers can download to access their bank accounts. From there, most mobile banking apps allow customers to pay bills, track spending, transfer funds, and even deposit checks.
Types of mobile banking cyberattacks to beware of
Due to its convenience, more people have turned to mobile banking as their primary means of banking, especially during the pandemic when many banks have temporarily (or even permanently) closed their brick-and-mortar locations. With this recent rise in adoption, the FBI has warned of exploitative techniques cyber actors may use to target mobile banking customers, including fake banking apps and app-based banking trojans.
Fake banking apps
As the name suggests, fake banking apps are designed by cyber actors to impersonate real banking institutions, with the goal of tricking customers into entering their login credentials. The fake app may show an “error” message after an attempted login, or take advantage of smartphone permission requests to obtain, and thereby bypass, security codes sent to users via text.
App-based banking trojans
Banking trojans are malicious programs that may be disguised as other apps, such as games. Once downloaded, the trojan is triggered when the user launches a legitimate banking app: it creates a fake version of the bank’s login page and overlays it on the legitimate app. After the customer enters their login credentials into the false page, the trojan returns them to the real login page, so the user is unaware that they’ve been compromised.
Tips for improving mobile banking security
While banking institutions invest heavily on their part to secure their customers’ accounts, here are a few precautions you can take to increase the security of your mobile banking experience.
Ensure you’re downloading an official bank app
By far the best and most secure way to download a mobile banking app is through your bank’s website. Most banks feature links to their official app on their website, which will redirect you to the app store page where you can then download the app onto your mobile device. To ensure that you are indeed downloading the official bank app, check the owner or developer of the app.
Avoid using public wi-fi
Though it can be convenient, avoid using public wi-fi when conducting any mobile banking. Public wi-fi networks are typically unsecured, which means that others may be able to monitor your actions online, leaving you at a greater risk of being exploited by malicious actors. If possible, use your cellular network if you need to access your mobile banking app in public, or wait until you’re home to use your home wi-fi.
Set a strong password
Password security remains one of the best ways to protect yourself from cyber attacks. A strong password should be unique and contain a random mix of upper and lower case characters, numbers, and special characters. Passwords should preferably not be repeated across multiple accounts. If you struggle to remember your passwords, use reputable password manager software rather than a built-in password manager on your browser.
Take advantage of 2FA or MFA
While two-factor authentication (2FA) and multi-factor authentication (MFA) in themselves are not perfectly secure, they do offer extra layers of security by requiring users to confirm their identity in more than one way. Most mobile banking apps today offer 2FA or MFA as part of their standard mobile account setup. These typically come in the form of security codes sent via text, or biometrics (e.g., Touch ID), and can be enabled within the security settings of your mobile app.
Set up email, text, or in-app alerts
While mobile bank alerts can be set up to inform you of account payments and transfers, they can, and should, also be set up to notify you of potentially fraudulent or suspicious activity. That way, when a suspicious transaction occurs that doesn’t match your typical banking or spending habits, you’ll receive an alert about it immediately. Oftentimes, you’ll also be able to approve or decline the transaction by responding to the alert.
Should you use a mobile banking app?
At the end of the day, mobile banking has increasingly become the preferred way for people to bank because of its convenience. Due to its rising popularity, most banking institutions are responding accordingly by investing heavily in high-end encryption technologies to secure their customers. By exercising a few additional security precautions on your part, there’s no reason why you shouldn’t use a mobile banking app.
Story by Gary Wilkinson