Is mobile banking safe?
A rock climber clinging precariously to the side of a cliff gets a text alert on her cellphone that her checking account balance is low. She quickly transfers funds to avoid an overdraft, then resumes her ascent.
A couple on a road trip suddenly remember they forgot to send their car payment before they left home. No problem — the wife, sitting in the passenger seat, zaps it off from her smartphone as they zoom down the highway.
© Emily Rose Bennett/Staff/ZUMA Press/Corbis
Judging from these TV commercials, using a cellphone to check your bank balance, transfer money and pay bills seems like a no-brainer, so easy and convenient that anyone who doesn’t do it must be some kind of Luddite. According to Javelin Strategy & Research, mobile banking increased by 40 percent in 2013, with 74,000 new users per day.
If you’re not yet using your phone to check your balance, pay your bills or move money from account to account, you will soon. “There’s little doubt that the era of mobile banking is coming,” says Mark Schwanhausser, director of omnichannel financial services at Javelin Strategy & Research in Pleasanton, California.
That raises the question: How safe is it? With all the tech-savvy crooks and identity thieves lurking about, is it really a good idea to have your precious financial information floating around the airwaves or residing on a piece of gear that you could easily lose? According to a Javelin study, security, or the lack thereof, is the No. 1 fear among potential mobile banking customers.
The good news is that the fear is so far worse than the reality, thanks in part to the financial industry’s heavy investment in security technology. In addition, many bank and credit card companies promise to cover 100 percent of a customer’s mobile fraud losses. Other banking institutions, such as Bank of America, offer zero liability as long as customers report the fraudulent transaction within 60 days and have not violated other protection rules.
Mobile banking comes in three different flavors. Most banks emphasize one or a combination of them.
Short message service, or SMS, works with just about any cellphone sold in recent years. It basically involves you and the bank exchanging text messages, like infatuated teenagers. Once you have registered your phone with the bank, you can ask the institution to send you a text alert when, say, your checking balance drops to a specific level or when your credit card is approaching its limit.
You can also request your current balance by sending the bank a message code, like BAL, and get a quick response. By sending various codes, you can learn what checks have cleared recently or move funds to a linked credit card. Because the bank will accept instructions only from your phone, you don’t have to worry about someone impersonating you unless you lose or loan your phone.
Be aware that some scammers send SMS messages purportedly from your bank, requesting your personal identification number, or PIN; account number; or other information. Any such request for information is almost certainly fraudulent. To make it easier to determine at a glance that text messages from your bank are authentic, add the bank’s short code to your contact list under the bank’s name.
This method uses an Internet browser to access your bank’s or credit card issuer’s website, just like you would do from your home or office computer. For smartphone users, most large financial institutions have created special Web pages that are formatted for mobile screens.
Mobile browsers are theoretically susceptible to the same kind of security risks as a home or office computer. In reality, they are probably somewhat safer at the moment because creators of password-pilfering viruses and Trojan horses haven’t yet fully focused on the mobile market. Of course, mobile Web users are as susceptible as anyone else to the phishing scams and spoofed websites that try to trick users into disclosing passwords and other personal data.
The best way to protect yourself is to exercise the same level of safe computing that you do at home or work. Avoid following links in emails purportedly sent by your bank, especially those that require you to enter passwords or other confidential information. Instead, use your browser bar to enter your bank’s Web address. Better yet, save the Web link to your bank’s login page as a bookmark to avoid the possibility of mistyping the URL.
Banking apps link you directly with your bank’s computers. Financial institutions such as Bank of America and Citibank have developed applications for the exclusive use of their customers. Others are provided by third parties such as AT&T and can be used to access accounts at many banks.
They’ve become easier to install and they’re popular because they’re often faster than logging in to a bank website. Also, their user interfaces can be simpler to navigate on a small screen.
Theoretically, at least, proprietary applications are highly secure because they are designed to work with a bank’s own security algorithms. And because they don’t use Web browsers, these applications are resistant to phishing scams. The downside is that some programs can store sensitive information on the phone itself and can allow the user to remain logged in for extended periods of time. This can be hazardous if a lost phone ends up in the wrong hands. If you use such an application, disable these options if possible.
No matter what kind of mobile banking method you use, reduce fraud and protect your money by following a few common-sense precautions:
- Set the phone to require a password to power on the device or unlock it.
- Whether you’re using the mobile Web or a mobile app, don’t let it automatically log you in to your bank account. Otherwise, if your phone is lost or stolen, someone will have free access to your money.
- Avoid sharing your password, account number, PIN, answers to secret questions or other such information. Don’t save this information anywhere on your handset.
- Immediately tell your bank or mobile operator if you lose your phone.