Reports suggest that many people still have security-related concerns when using digital banking channels. Among mobile banking users, that’s the case for 67 percent of younger millennials, 58 percent of older millennials, 57 percent of Generation Xers and 63 percent of baby boomers, according to a recent study.
“Our recent mobile banking study confirmed that security, especially the fear of fraud, is a top online and mobile banking concern among consumers of all generations,” said Jenifer Valdivia, global marketing program manager at Jumio. “When it comes to online or mobile banking, consumers will not understand the technology their bank is using but need to feel confident that behind the easy user experience their financial data is protected.”
Skeptical consumers may be on to something. When it comes to security, all mobile banking apps aren’t created equal, says Ryan Zlockie, global vice president of authentication at Entrust Datacard.
Room for improvement
Ariel Sanchez, a security consultant at IOActive, has assessed the security risks associated with iOS mobile banking apps twice since 2013. He notes that quite a few apps were susceptible to attacks and a large number of them stored insecure data. His colleague found that mobile trading apps tend to be even less secure.
Other analyses have found similar results. In late 2016, Accenture and mobile app security company NowSecure assessed the vulnerability of 30 mobile banking apps. Every app had at least one security issue.
Making a mobile banking app secure, of course, is a complex endeavor.
“Those apps have to do a lot of really sophisticated things in terms of working on your device and then communicating it over the air to connect back to the servers and the data centers for the banks,” says Brian Reed, chief marketing officer at NowSecure. “Because that’s all so complicated — and more complicated than a simple website — there’s lots of opportunities for things to break.”
Since his company’s study was published, however, Reed says banks have made progress.
“We’re seeing an improvement,” he says. “My business is growing dramatically with the banks, so that would be an indicator that they’re taking it even more serious.”
iPhone vs. Android
Whether you’re on team iPhone or team Android may also determine how secure your mobile banking experience is.
Among banking apps running on Android, NowSecure and Accenture found that 10 percent had medium-level security issues and 2 percent had high-level security issues. None of the banks running on Apple’s operating system had high-level issues, and 4 percent had medium-level security problems.
“You tend to find sloppier code and more mistakes and more vulnerabilities on the Android platform because it’s just more like the wild west,” Reed says. “It’s easier to do bad things on Android than it is on iOS and that’s what we find in the market in general.”
Online vs. mobile banking security
Some experts suggest that banking through a mobile device is safer than banking online. Others may disagree.
“I could put 10 security people in the room and half of them will say that’s true and half of them will say that’s false, but part of it is mincing words about you define security,” Reed says.
Some banks that have multi-factor authentication on their mobile apps don’t provide the same capability on their websites, Reed says. Well-designed mobile apps don’t store any data, and you’re less likely to hear about a virus on a smartphone.
“Mobile phones have more security natively,” says Zlockie from Entrust Datacard. “The apps are more protected than the open website experience.”
Take matters into your own hands
Unfortunately, there’s no easy way to tell how secure your mobile banking app is. So you’ll have to decide whether you’re comfortable using your bank’s digital channels to manage your savings account or see how much interest you’ve earned on a CD.
“If you trust them to do web banking, you should feel fine trusting them doing mobile banking,” Reed says.
Of course, secure mobile banking apps have certain things in common. In addition to multi-factor authentication, technologically advanced banks may capture a digital footprint of your phone that prevents another device from being used to get into your account, Reed says.
If you’re curious about how your bank keeps your data secure, ask for a security report or additional information, says Sanchez from IOActive. Choosing a bigger bank could also work in your favor.
“The smaller credit agencies, the regional banks, they don’t necessarily have big and sophisticated security and mobile development teams, so they may or may not be as strong as some of the bigger banks,” Reed says.
Even if your financial institution is doing as much as it can to make mobile banking safe, you must do your part to protect yourself. Never log into your mobile banking app over public WiFi. And keep your phone updated to avoid being exposed to security problems that a bank has fixed, Sanchez says.
You may also want to think twice about how you’re using your mobile banking app, especially if you’re entering personal data like your Social Security number.
“Consider only using desktop browsers when originating or signing up for new accounts since so much personal information is exchanged,” Reed says. “Once you have created the accounts, go ahead and use mobile apps.”