Keep hackers from sensitive information
Are you one of the 32.5 million Americans who, by the end of June 2011, accessed mobile banking information on their smartphones? According to research company comScore Inc., an ever-increasing number of banking customers are using their devices to check balances, transfer funds and even deposit checks.
That’s why it’s critical to be sure the banking environment is secure, says Phil Blank, managing director of security risk and fraud at Javelin Strategy and Research based in Pleasanton, Calif. He says banking securely means knowing how to protect yourself before a problem arises.
“The real grand slam for phone security is prevention,” he says.
Here are seven steps Blank and other security experts say consumers should take to keep their sensitive financial information out of the hands of thieves and hackers.
Create a device password
Go to your phone’s settings menu, and configure the device so each time the phone is turned on, your password must be entered to access information, says Carl Tsukahara, chief marketing officer for Clairmail, a San Rafael, Calif., company that provides mobile banking services to major banks.
Use the password feature on the phone when it comes out of the power-saving mode as well, he says.
When your phone is locked, it’s unlikely a thief could get access to mobile banking personal information if it ever gets lost or stolen, he says.
Look for ‘https’ in the browser
Bank users need to verify they’re on a secure site before they log in, Blank says. For any website that requires personal information, consumers should look for “https” in the Web address, which signifies more security than “http.”
Also, don’t click on unfamiliar links, just as you wouldn’t click on an unknown link with your home computer. “The advice is very much the same as with PCs,” he says.
Download bank apps from reputable sources
Many consumers are choosing to skip regular Web browsing, and instead download phone apps from their bank, says Secil Watson, senior vice president of Internet and mobile banking at Wells Fargo in San Francisco.
That’s fine as long as the customer is sure of the source, she says. “Don’t use third parties to download your bank app. Instead, go to your financial institution’s official app page to download it,” Watson says.
Be cautious on Wi-Fi networks
Many devices have the ability to access local Wi-Fi spots for the Internet, but if you’re on a public network, your data may not be secure, Watson says.
Use your mobile provider’s network instead. If you’re in an area where that’s not possible, use a password-protected, closed Wi-Fi network — perhaps one in your own home, Watson says.
If you’re in doubt about how secure your network is, it may be best to skip mobile banking tasks until you can get in a more secure environment, she says.
Change banking passwords regularly
Create passwords that are difficult for someone else to figure out, Watson says. Include capitalized and lowercase letters, numbers, and special characters or symbols as allowed by your bank’s login system. “Update them every six months or every year,” Watson says.
“Use different passwords from the ones you have for sites like Facebook and LinkedIn, so the password isn’t the same as your brokerage and retirement account,” she says. That way, if hackers gain access to a social media account, they won’t have automatic access to your mobile banking accounts.
Report a loss to your phone company and bank
“Research shows consumers will report the loss of a phone faster than they’ll report the loss of a credit card,” Wells Fargo’s Watson says.
Tsukahara says that’s smart, but after a consumer calls his or her phone provider to report the loss, he or she should also call the bank to report the phone lost.
“Most (financial institutions) today can disable any kind of banking or fund transfer capability on your application remotely if they know your device is missing. That locks down your identity from any kind of potential intrusion in the event it is lost or stolen,” he says.
In addition, consider installing remote wipe software on the device, Blank says. “You can always disable the phone, but you may have a ton of personally identifiable information on the device. So do what’s necessary to wipe that phone,” he says.
Many cellphone manufacturers offer remote wipe service to their customers. Consumers also can look for software from recommended websites, he says.
Add your bank to your contact list
If you receive mobile banking text messages from your financial institution, take the “short code” (a special telephone number used to send and receive text messages) that identifies the bank and add it to your device’s contact list, Tsukahara says. That way, you won’t be fooled if you receive a text from an unknown number that purports to be your bank asking for personal information.
When added to your contact list, the short code should pop up with an identifying name, Tsukahara says. “You’ll generally know with a high degree of certainty that the text is coming from the bank, because it is very hard for anybody to come in and spoof,” he says.