6 steps to safer online and mobile banking
- Paying bills electronically and receiving email alerts are common at banks today.
- Several layers of protection are in place for peer-to-peer electronic money transfers.
- Under Regulation E, consumers are protected from unauthorized account activity.
Using a phone to send a friend money to cover your bar tab, getting your ATM receipt via email and depositing a check by smartphone may seem futuristic, but these online and mobile banking functions are available today from many banks.
While these and other paperless banking practices are practical and environmentally friendly, some consumers wonder if they are compromising their security in the name of convenience. Financial institutions have protections in place as well as recommendations for their customers on steps they can take to avoid financial or identity theft while using their smartphones for making payments and deposits.
While online and mobile banking transactions such as paying bills, checking account balances, receiving electronic bank statements and email alerts, and transferring money between bank accounts are common, there are newer innovations for paperless banking. Here's what banks are offering today and some ways to protect yourself.
Social payment services. About 1,700 banks and credit unions in the U.S. with more than 40 million online customers offer Popmoney, a Web service that allows customers to electronically send payments to friends, family and small vendors, according to Tom Roberts, senior vice president of marketing of CashEdge, a division of Fiserv, which provides Popmoney services.
"Ninety-eight percent of the time, people are still using cash or writing a check for things like splitting the rent between roommates," Roberts says. "Popmoney allows you to send funds with only the information that you already have from someone, like an email address or a mobile phone number."
Bank of America and Wells Fargo customers can use "Send & Receive Money," a personal payment service similar to Popmoney, to send money from one person to another with just an email address or phone number, says Lisa Westermann, a spokeswoman for Wells Fargo.
Paperless ATM receipts. Westermann says Wells Fargo was the first financial institution to introduce an e-receipt option for ATM customers. She says 12 percent of all receipt-eligible ATM transactions result in a receipt being sent to an online banking inbox or a designated personal email account.
In addition to Wells Fargo, Citibank recently introduced paperless ATM receipts for its customers.
Mobile deposits. PNC Bank spokesman Tim Rice says customers using the PNC mobile app can take a picture of a check with their mobile phone to deposit it directly into their PNC account. Many other financial institutions, including Bank of America, Wells Fargo and Citibank, also offer mobile deposit apps for their customers.
Several layers of protection are in place for users of mobile apps and peer-to-peer electronic money transfers.
Under federal Regulation E, also known as the Electronic Fund Transfer Act, consumers are protected from unauthorized account activity, Westermann says. The regulation covers electronic fund activity on consumer accounts such as checking and savings accounts. The regulation limits consumer liability to $50 or less if the consumer notifies the bank within two business days of unauthorized activity and to $500 or less if the bank is notified after two business days.
Many financial institutions require customers to sign up for online and mobile banking with a username, a password and security questions that can be used to verify the customer's identity. For example, Wells Fargo uses automatic timed logoffs after 10 minutes of inactivity to prevent someone from accessing information from an unattended computer.
"From the moment that account information leaves your computer to the time it enters Wells Fargo's system, all online access and bill-pay sessions are encrypted," Westermann says. "During any transaction, our 128-bit encryption turns your information into a coded sequence with billions of possible variations, making it nearly impossible for unwanted intruders to decipher."
CashEdge's Roberts says that transferring funds with a peer-to-peer service such as Popmoney is safer than carrying cash or sending a check in the mail because of the risk of physical or identity theft from those latter activities. If you enter the wrong email address or phone number, you can cancel or stop a payment to a recipient by using the service any time prior to the recipient retrieving the money. Payments expire if not picked up within 10 days.
Financial institutions typically send an email or text verification of a payment to any contact name or account. Popmoney also requires that you enter a verification code on its website for added protection.
"So if you receive a text message and see that you sent money to the wrong person, you can stop it before it gets picked up. Every transaction generates an email confirmation to the sender and the recipient, so you'll know if something isn't correct," Roberts says.
Wells Fargo's Westermann says that consumers still must be vigilant with contact information when using services such as Send & Receive Money.
"If the mistyped email address or mobile number happens to be valid and registered to someone else, the funds will be delivered to that person," she says.
If the email address or mobile number is not registered to anyone, then the transfer can be canceled.
Roberts says consumers who use paperless banking options should focus on the security of their smartphones, tablets and computers. "Our weakest link is actually the consumer's personal computer," Roberts says. "Probably the most important element of protection is for consumers to keep their antivirus protection in place and up-to-date."
Here are six tips to follow for better online and mobile banking protection, provided by Roberts and the Independent Community Bankers of America.
- Use antivirus software.
- Don't click on a link unless you're sure of who sent it and what it is.
- Don't open an email attachment from anyone you don't know.
- Use strong passwords with eight or more characters and a mix of letters, symbols, numbers and punctuation.
- Don't share your passwords.
- Sign up for email alerts from your bank that will help you monitor your accounts.
Online and mobile banking requires proactive consumers to monitor their security along with their financial institution.
"Paperless banking facilitates moving your money directly without the need of an interim account and leverages the security already provided by trustworthy financial institutions," Roberts says. "Paperless banking is both convenient and safe."