Cybercrime experts often tell consumers to upgrade their technology to protect themselves from credit and debit card fraud, identity theft and other financial scams. But is upgrading your hardware and software really necessary?
Yes, says Shirley Inscoe, senior analyst at Aite Group, a research, consulting and analytics firm in Boston.
“Consumers who use old devices may feel they are saving money, but at what cost?” Inscoe asks. “For all consumers who shop or bank online, security should be top of mind. In most cases, newer technology will provide highly improved security.”
Having up-to-date hardware and software makes it more difficult — although not impossible — for the bad guys to get your data.
Inscoe says she “wouldn’t dare” bank or shop online with an old computer.
For those who can’t or won’t update, it might be best to “go old school,” says Eva Velasquez, CEO of the Identity Theft Resource Center, a San Diego-based nonprofit that offers recovery assistance and educates consumers about fraud and identify theft. That could mean visiting a bank branch in person or getting account statements through the mail, for example.
If you think your personal data has been compromised, keep an eye on your credit report for signs of unauthorized credit lines. Check your report for free at myBankrate.
When old is good
To be fair, some very old technology isn’t likely to be compromised because it can’t access the Internet. Flip phones that predate the smartphone era are one example.
“Those are safe,” Inscoe says, “because you can’t do anything with them.”
And “60 minutes” reported in 2014 that U.S. Air Force nuclear silos still rely on Cold War-era computers that use 8-inch floppy disks to help manage, among other things, the launch codes the president would use to authorize an attack.
The military is in no rush to replace these computers because they are secure from cyber threats.
Why software matters
But protection on newer computers and mobile devices is usually only as good as the latest security software release.
That’s why “it’s important that consumers take advantage of updates as soon as they’re available, particularly if they shop or bank online,” Inscoe says. “This is a bit more difficult for Android users currently, which is why 95% of mobile malware is directed at Android devices.”
That’s a scary percentage — and some reports have put the figure even closer to 100% — but that doesn’t mean your Samsung phone is going to get hacked.
In fact, a 2015 Data Breach Investigations Report from Verizon found that each week an average of just 0.03% of mobile devices on its network “were infected with ‘higher-grade’ malicious code.” That malware is the kind used to steal your financial data.
Verizon says our mobile devices aren’t hack-proof; the bad guys just have their sights set elsewhere — at least today.
No updates for old hardware
One reason older devices pose a risk is that manufacturers tend to phase out their technical support over time. As a result, security upgrades cease on those devices.
For example, the latest version of Apple’s mobile operating system, iOS 8, is compatible on the iPhone 4s or newer models. That means any iPhone sold before October 2011 is stuck with older operating systems. The update also is unavailable on older versions of the iPad.
Apps, whether old or new, can be trouble. Don’t assume just because you downloaded it from a legitimate site — Google Play, for example — that it’s free of malware. Computer security company Norton says that because of the volume of apps available, it’s impossible to police them all.
“Some of the popular games are the worst,” Inscoe says. “People download a free game and guess what? You got a hidden bonanza that you don’t even know about.”
Rather than download freebies, consumers should pay a few dollars to buy safe, legitimate apps. Norton also recommends reading reviews. If there’s little to no information, it might be a good idea to take a pass.
Parents should also set rules for what their children can download.
“All the kids are thinking about is the game they want to play,” Inscoe says. “They’re not thinking some bad guy might have planted malware that will ruin their mom’s entire device.”
Bank apps seen as secure
Bank apps tend to be among the most secure. Indeed, the financial industry has “done a very good job messaging consumers and trying to balance convenience versus security,” Velasquez says.
Still, consumers should make sure any app they download is a legitimate app for their bank. Again, an app that has very few downloads or positive user reviews could be an impostor.
Still not sure? Contact your bank.
Community banks have online resources and are eager to train their customers on best practices, says Cary Whaley, vice president of payments and technology policy at Independent Community Bankers of America, a Washington, D.C., trade group that represents community banks.
“Don’t hesitate to call your bank with any questions on how to better secure your account when banking via online and mobile channels,” Whaley says.
Old apps should be updated regularly as updates become available.
New technology could become even more secure as banks introduce new ways to identify their customers.
“There’s not a lot of privacy left,” Inscoe says, “so there’s a real need to come up with something that will be reliable that people can use to be authenticated and prove they are who they claim to be.”
One new direction is biometrics. Fingerprints are an obvious example, but Inscoe says banks are also looking at facial scans, iris scans and voice prints, which could be generated from recorded calls to the bank’s customer center or registered by customers themselves.
Another new direction is behavioral measures, which track patterns in how people use their devices. This approach matches how someone moves a mouse or what pages he or she typically looks at, for example.
When in doubt, check it out
The bottom line is that consumers who own old devices should check with their bank before they use online or mobile banking to make sure the device, browser and service provider are all supported, Whaley says.
Some banks are so concerned about compromised tech that they screen their customers’ devices when they log on and notify them if malware is present. Some malware can hide and then take over a computer, operating it remotely and accessing stored passwords and other sensitive information.
At that point, Inscoe says, “we are really at the mercy of our financial institutions to protect us from ourselves.”