Are mobile banking apps secure?

Your mobile banking app may help you avoid overdrawing your current account or spending too much money. But if you’re unsure of how secure it is, you’re not alone.

Reports suggest that many people still have security-related concerns when using digital banking channels. Among mobile banking users, that’s the case for 67 percent of younger millennials, 58 percent of older millennials, 57 percent of Generation Xers and 63 percent of baby boomers, according to a recent study.

“Our recent mobile banking study confirmed that security, especially the fear of fraud, is a top online and mobile banking concern among consumers of all generations,” said Jenifer Valdivia, global marketing program manager at Jumio. “When it comes to online or mobile banking, consumers will not understand the technology their bank is using but need to feel confident that behind the easy user experience their financial data is protected.”

Sceptical consumers may be on to something. When it comes to security, not all mobile banking apps are created equal, says Ryan Zlockie, global vice president of authentication at Entrust Datacard.

Room for improvement

Ariel Sanchez, a security consultant at IOActive, has assessed the security risks associated with iOS mobile banking apps twice since 2013. He notes that quite a few apps were susceptible to attacks and a large number of them stored data insecurely. His colleague found that mobile trading apps tend to be even less secure.

Other analyses have found similar results. In late 2016, Accenture and mobile app security company NowSecure assessed the vulnerability of 30 mobile banking apps. Every app had at least one security issue.

Making a mobile banking app secure, of course, is a complex endeavour.

“Those apps have to do a lot of really sophisticated things in terms of working on your device and then communicating it over the air to connect back to the servers and the data centres for the banks,” says Brian Reed, chief marketing officer at NowSecure. “Because that’s all so complicated — and more complicated than a simple website — there’s lots of opportunities for things to break.”

Since his company’s study was published, however, Reed says banks have made progress.

“We’re seeing an improvement,” he says. “My business is growing dramatically with the banks, so that would be an indicator that they’re taking it even more seriously.”

iPhone vs. Android

Whether you’re on team iPhone or team Android may also determine how secure your mobile banking experience is.

Among banking apps running on Android, NowSecure and Accenture found that 10 percent had medium-level security issues and 2 percent had high-level security issues. None of the banking apps running on Apple’s operating system had high-level issues, and 4 percent had medium-level security problems.

“You tend to find sloppier code and more mistakes and more vulnerabilities on the Android platform because it’s just more like the wild west,” Reed says. “It’s easier to do bad things on Android than it is on iOS and that’s what we find in the market in general.”

Online vs. mobile banking security

Some experts suggest that banking through a mobile device is safer than banking online. Others may disagree.

“I could put 10 security people in the room and half of them will say that’s true and half of them will say that’s false, but part of it is mincing words about how you define security,” Reed says.

Some banks that have multi-factor authentication on their mobile apps don’t provide the same capability on their websites, Reed says. Well-designed mobile apps don’t store any data, and you’re less likely to hear about a virus on a smartphone.

“Mobile phones have more security natively,” says Zlockie from Entrust Datacard. “The apps are more protected than the open website experience.”

Take matters into your own hands

Unfortunately, there’s no easy way to tell how secure your mobile banking app is. So you’ll have to decide whether you’re comfortable using your bank’s digital channels to manage your savings account or see how much interest you’ve earned on an ISA.

“If you trust them to do web banking, you should feel fine trusting them doing mobile banking,” Reed says.

Of course, secure mobile banking apps have certain things in common. In addition to multi-factor authentication, technologically advanced banks may capture a digital footprint of your phone that prevents another device from being used to get into your account, Reed says.

If you’re curious about how your bank keeps your data secure, ask for a security report or additional information, says Sanchez from IOActive. Choosing a bigger bank could also work in your favour.

“The smaller credit agencies, the regional banks, they don’t necessarily have big and sophisticated security and mobile development teams, so they may or may not be as strong as some of the bigger banks,” Reed says.

Even if your financial institution is doing as much as it can to make mobile banking safe, you must do your part to protect yourself. Never log into your mobile banking app over public WiFi. And keep your phone’s operating system and apps updated to avoid being exposed to security problems that a bank has fixed, Sanchez says.