Be aware that some scammers send SMS messages purportedly from your bank, requesting your personal identification number, or PIN; account number; or other information. Any such request for information is almost certainly fraudulent. To make it easier to determine at a glance that text messages from your bank are authentic, add the bank's short code to your contact list under the bank's name.
This method uses an Internet browser to access your bank's or credit card issuer's Web site, just like you would do from your home or office computer. Many cell phones still don't have a built-in mobile browser, and many people haven't subscribed to a cellular data service. But that's changing with the popularity of Apple's iPhone and other smart phones equipped with QWERTY keyboards and bigger screens. Some financial institutions, including Bank of America and Discover Card, have created special Web pages that are formatted for mobile screens.
Mobile browsers are theoretically susceptible to the same kind of security risks as a home or office computer. In reality, they are probably somewhat safer at the moment because creators of password-pilfering viruses and Trojan horses haven't yet fully focused on the mobile market. Of course, mobile Web users are as susceptible as anyone else to the phishing scams and spoofed Web sites that try to trick users into disclosing passwords and other personal data.
The best way to protect yourself is to exercise the same level of safe computing that you do at home or work. Avoid following links in e-mails purportedly sent by your bank, especially those that require you to enter passwords or other confidential information. Instead, use your browser bar to enter your bank's Web address. Better yet, save the Web link to your bank's login page as a bookmark to avoid the possibility of mistyping the URL.
Client application programs, which are downloaded and installed on smart phones, link you directly with your bank's computers. Financial institutions such as Bank of America and Citibank have developed applications for the exclusive use of their customers. Others are provided by third parties such as AT&T and can be used to access accounts at many banks.
Although they can require a bit of effort to install, client applications are popular because they're often faster than logging in to a bank Web site and their user interfaces can be simpler to navigate on a small screen.
Theoretically, at least, proprietary applications are highly secure because they are designed to work with a bank's own security algorithms. And because they don't use Web browsers, these applications are resistant to phishing scams. The downside is that some programs can store sensitive information on the phone itself and can allow the user to remain logged in for extended periods of time. This can be hazardous if a lost phone ends up in the wrong hands. If you use such an application, disable these options if possible. To minimize the risk of obtaining a rogue application, download the program from a trusted source, such as the bank itself, or a reliable vendor, such as iTunes.
No matter what kind of mobile banking method you use, reduce fraud and protect your money by following a few common-sense precautions:
- Set the phone to require a password to power on the handset or awake it from sleep mode.
- Whether you're using the mobile Web or a mobile client, don't let it automatically log you in to your bank account. Otherwise, if your phone is lost or stolen, someone will have free access to your money.
- Avoid sharing your password, account number, PIN, answers to secret questions or other such information. Don't save this information anywhere on your handset.
- Immediately tell your bank or mobile operator if you lose your phone.