How safe is online banking on a mobile phone?

20 Feb 2019, 12:00 am
Stephen Levine
How safe is online banking on a mobile phone?

Feature Highlight

Your common sense is the last line of defence. A victim of mobile banking breaches will usually be someone who does not take their security seriously.


Is mobile banking safe? At first glance, it certainly doesn't seem so. After all, is it a good idea to use the same device for watching cat memes and carrying out financial operations? But it all depends on how cautious and well-informed you are.
    
Hackers exploit weak passwords and vulnerabilities of public Wi-Fi to infect devices with malware. However, most mobile banking attacks happen through social engineering – when users are manipulated to give up their usernames and passwords to hackers, scammers and other cybercriminals.

Social engineering techniques range from phone calls, malware links, phishing websites to more advanced (and less frequent) attacks like phony banking apps. It's much easier to fall for a scam than you think, and the best defence against them is knowledge. Here are some tips for safe mobile banking.

1. Don't lose your phone

The biggest security threat of your mobile phone is also its greatest asset – its size. Phones are small, handy, beautiful, and easy to lose.

Losing a phone is as heartbreaking as losing a part of yourself, but it gets even worse. If someone who found or stole your phone uses it to access your bank account, you could lose much more.

A strong password (made of a random string of lowercase and uppercase letters, numbers, and symbols, at least six characters long) is the most secure way to lock your phone.

If you are afraid to forget the password, use a PIN key (something more difficult and unique than 1111) or a pattern lock with biometric identification, which can be:

Facial recognition – convenient but not secure, since it can sometimes be bypassed with a photograph.

Iris scanning – the pattern of your iris is unique and can't be replicated with a simple photo.
    
Fingerprints – low false-acceptance rates, perfect if you don't often wear gloves.
    
Iris scanning or fingerprint identification with a strong PIN will grant you easy and secure access to your phone.

Never leave your phone unattended. Install an anti-theft and recovery app that can locate your phone, lock it remotely, or even wipe your data if it gets stolen.

As a final layer of security, always log out from your banking app after you finish your operations.

2. Use the official banking app, not the browser

The second biggest security threat concerns the banking app. If you aren't careful, you could download a fake banking app created by scammers to break into your account.

Make sure your bank created or approves of the app you are downloading. Get it from their website. Moreover, do not use mobile browsers to log in to your bank account – they are less secure than bank-sanctioned apps.

Finally, before downloading any app to your phone, you should research the developer, read the reviews, check the app rating on Google Play or App Store. Poorly designed or malicious third-party apps could use your username and password to access your bank account and empty or monitor it.

3. Don't just follow any link you see

You pick up your phone, open up the email app, and notice that your bank sent you an announcement about a new service. The letter ends, "You can save up to a thousand dollars per year! For more details, follow this link." You click it, go to the landing page, log in, but some error occurs, and you are disconnected from the website.

You just gave your username and password to a scammer.

The email you got was not from your bank, but from scammers pretending to be your bank. You would have noticed it had you checked the sender details more carefully. The landing page was actually a clone made to look like your bank's website. When you entered your password, you handed your data straight to cybercriminals.

Always check the URL and domain of any link you are about to click on, especially if it claims to be from your bank. If it looks suspicious – avoid it. The same applies to SMS messages or messages and links on social media.

Never send your username or password via email, social media or text message. If you did – change the password immediately.

4. Don't use mobile banking on public Wi-Fi

Anyone on a public Wi-Fi network is in danger of a security breach. Most of these networks lack basic security measures and have poor router configurations and weak passwords. Mobile banking or any other activity that exposes your sensitive data should never be done on public Wi-Fi.

If a hacker is monitoring the public Wi-Fi or hotspot you are using, they could intercept the data being transferred to and from your phone and use it to access your banking account.

If you are scrolling in a library or a coffee shop and you need to access your bank account, use your cellular network instead. It's not perfect, but it's better than public Wi-Fi. Better yet, turn on a VPN and use public Wi-Fi without the risk of compromising your personal data. A VPN encrypts your web traffic, making it extraordinarily difficult to intercept and decipher.

Is Mobile Banking Safe on Android?

Since the Android platform allows its users more flexibility, it also leaves more security holes than iOS systems. Minimize your risks by downloading apps only from Google Play and update them in a timely manner.

Go to your Android settings and make sure that you have turned on Google Play Protect, which scans your apps for suspicious behaviour. You can also use the Find My Device setting, which lets you find, ring, lock, or even wipe your device from afar.

Go through the apps you've downloaded and installed on your phone and delete the ones you do not need or use – each represents an unnecessary potential vulnerability. Old apps may also be poorly supported or have security holes or malware. A clean and tidy Android system is likely to be a secure one.

Is Mobile Banking Safe on iPhone?

Banking apps on iOS tend to be secure, thanks to the rigorous standards of the App Store. The most vulnerable iOS systems are those that have been jailbroken.

Jailbreaking means cracking the standard settings of an iOS system so that you can modify your phone in ways that Apple does not allow. With a jailbroken phone, you can install apps not authorized by Apple, and you can also remove the security protocols that Apple has built into the device. Jailbreaking also voids the warranty, so you won't get support from Apple when you might need it most.

If you are just a regular iOS user, you should never jailbreak your iPhone. Only use apps from the App Store, which are usually safe. Malware may bypass Apple's defences once in a while so you should always be careful, but they certainly catch many potential threats.

Final Thoughts

Is it safe to use mobile banking apps? Yes. Download the official banking app, update it constantly, use a VPN, like NordVPN, with a public Wi-Fi, and keep your phone close by!

However, that doesn't make you completely safe from scams, malware attacks, and hacking. Your common sense is the last line of defence. A victim of mobile banking breaches will usually be someone who does not take their security seriously.

Stephen Levine contributed the article from NordVPN

Editor's Note
This article is published under the series Finance and Technology, a new platform of Financial Nigeria magazine, promoted by Simplex Business Solutions Limited. Knowledge leaders in the interception of finance and technology are welcome to contribute to the industry platform. Editorial contributions should be submitted to editor@financialnigeria.com.


Other Features