How Secure is Mobile Banking
How secure these services are for users is an incredibly hard thing to quantify. Thankfully there have been no examples of mobile banking fraud on a global scale, and the fact that banks so far have provided mobile access with the same tight security measures as they have on their full desktop websites is encouraging.
In fact, the multitude of devices, ecosystems and apps available to users is not an ideal situation for criminals. There's enough differentiation between each person and their preferences to mean that unsavoury types have to be more targeted in their attacks with designs to exploit specific flaws. For that reason we can at least have some confidence that the threat of any common criminal techniques of gaining access to data is somewhat mitigated.
But while the combinations of device, OS and apps used does mean an attacker has to choose which route to take, we know threats will continue to exist. With that in mind – and the thought that the lack of news about mobile banking threats is something to be positive about – it's still well worth doing all we can to protect ourselves. This means combining the common sense steps many apply to Internet banking with pieces of mobile security advice.
It is not possible to be completely immune to potential security risks targeting a user's specific device, bank of choice or connection habits, but with the following steps it is possible to make things much harder for criminals, and to significantly lower the risks:
- Always use a pin or gesture code to lock mobile devices. Berg Insight estimates that 894 million users will access mobile banking by 2015 and with that amount of people using mobile banking hopefully all will secure their devices with a pin or gesture code. If a physical device falls into the hands of a criminal, the first thing they should be faced with is security, particularly where access to finances and other data is concerned.
- Only use official routes to communicate with banks. Ensuring users stick to the official ways of contacting and receiving information from their banks is key. Mobile banking shouldn't dramatically change the way banks communicate, so ignoring links to sites in emails requesting details, unusual texts or other messages, is advice worth noting when using a smartphone as it is when using a desktop PC, tablet or laptop.
- Be aware of connection services. Public Wi-Fi is far easier to 'sniff' for data than mobile data connections provided by a network operator. Unless the user is 100% sure of the security, or trust the connection on offer, think twice about dealing with personal finances over it.
- Installing trusted security software, like Norton Mobile Security or Norton Tablet Security, will help prevent malware – the cybercriminal's number one tool – from logging keystrokes or gaining access to a device. It can also scan emails to provide support in avoiding phishing attacks seeking bank account information.
- Be careful what you download. It's possible that mobile banking sessions could come under threat from code carried by other applications downloaded. While security software can scan for threats on a device, be aware of information entered onto a device and try to stick to well -regarded or official sources of applications or content.
With these steps, mobile banking probably won't become 100% safe. It's impossible to say it could be, just as it's impossible to say that withdrawing money in the street isn't without potential risks. But we can all greatly reduce these risks. Critically, with mobile banking we need to do our part as customers to ensure our transactions are as safe as can be.
About the Author
London-based technology writer and former deputy editor of Micro Mart, Kevin Pocock is a keen advocate for mobile device and data security. With a background in consumer computing, Kevin holds key insights into user experiences and is a regular contributor to mobilesecurity.com.