Popular Posts

Banking 101: Is Mobile Banking Safe? Should You Avoid it?

Written by Katherine Gustafson | Published on 2/14/2019

Note: This article is part of our Basic Banking series, designed to provide new savers with the key skills to save smarter.

As more and more banks enhance their mobile applications and customers increasingly bank online, there is growing scrutiny on the safety of these transactions.

Many of us are asking the following questions: Is mobile banking safe? Is it better to stick to teller windows, paper checks and ATMs? Can we confidently use the digital resources that are making money management easier than ever?

It can be alarming to read news like the recent report that cyber-attackers attempted to breach nearly 740,000 mobile banking accounts at Italy’s largest bank, UniCredit.

We’ve become used to hearing of such problems with banks and other financial institutions, including extremely high-profile incidents like the 2017 breach of credit reporting agency Equifax that compromised millions of customers’ personal information.

While such offenses are certainly alarming, the good news is that they are rare: Experts say that the risk of cyber crooks penetrating online banking systems is generally low. There are security flaws in many apps, so there are still risks, but usually the weakest link in these systems is how customers manage their online security. That means we have a lot more control than we may think over protecting our finances online.

In this post, we’ll explain how.

Mobile banking risks

A system is only as strong as its weakest aspect, and mobile banking customers tend to present that weakness. Fraudsters can easily take advantage of security gaps left open when mobile devices aren’t running with the latest operating system updates, using weak passwords or lacking other protections like firewalls and antivirus software.

Many phone users don’t treat the security of their mobile devices with the same concern as they do with their laptops and desktop computers. People aren’t as prone to installing operating system updates on their phones, or running antivirus and anti-malware programs that can detect and prevent security breaches. A troubling 43 percent of mobile device users don’t even have any kind of passcode, PIN or pattern lock set on their phones, according to Accenture.

While user error poses the largest risks for mobile banking security, there are relatively low risks from other aspects of the system, including networks and the apps themselves. Risks from network insecurity can be mitigated by customer vigilance in when and where they do mobile banking. But banks themselves are responsible for ensuring the highest security for their apps.

A 2017 Accenture study of 30 mobile banking apps found at least one security flaw in every single one of them. A quarter of them had at least one high-risk security flaw, leaving customers vulnerable no matter the security precautions they took on their own phones. Customers should watch out for how their bank handles mobile security.

How to protect against mobile bank fraud

As a mobile banking customer you have a lot of control over the level of protection you enjoy as you bank on your phone or tablet. Here are some tips to make sure you are not the weak link in the security chain.

  • Set strong passwords for your bank apps and set up fingerprint or face ID if it’s available to you. Make your passwords long, complex, unique and hard to guess by using a combination of uppercase letters, lower-case letters, number and symbols. Change your password regularly. Using a secure password-management software can help you avoid writing them down, which presents its own risk.
  • Use a secure network connection. Banking on public Wi-Fi, particularly unsecured networks, is never a good idea. Avoid banking in public places, or use a virtual private network (VPN) to ensure your connection is secure and your data is encrypted.
  • Install updates regularly. The companies that make your operating systems and software continuously update their products, in part to close any security gaps or loopholes. It’s essential that you keep your operating system and apps up-to-date in order to ensure the greatest possible level of security.
  • Run security software. There are many antivirus and anti-malware applications that protect computers from attacks. Mobile phone users may not consider these as important for their devices as they do for their computers, but you can vastly increase your mobile security by using a mobile antivirus and/or malware-detection app available from a trusted company.
  • Sign up for fraud monitoring. For those particularly concerned with the security of their online banking can go the extra mile by signing up for fraud-monitoring and identity-protection services that can monitor your accounts for any suspicious activity.
  • Use a security-focused bank. If you have done your due diligence as a customer but feel that the app your bank provides has security flaws, your best bet is to switch to a bank that takes mobile security more seriously. Things to look for in mobile banking apps are two-factor authentication, tiered authentication that presents higher security for higher-risk activities, a limited allowance for log in attempts and automatic time-out after a period of inactivity.

It takes only a little bit of extra vigilance and security-mindedness to ensure that your mobile banking experience is as secure as possible. If you do your part as a customer, the risks from mobile banking are relatively low and you can bank with confidence this way.

  |     |   Comment #1
This all sounds very convenient. But, I only have a rudimentary cell phone (not a smart phone). I pay $10 a year post paid service.
  |     |   Comment #2
DCGuy, same here. The good news is that our way of banking is more secure, because we're not even tempted to handle our bank transactions via smart phone app.
  |     |   Comment #7
Wow! Where you get $10 a year phone service?
deplorable 1
  |     |   Comment #12
I use the magicjack app which only cost me about $2/mo. and that's for home phone as well. The only catch is it's not cell service so you need a wifi connection.
  |     |   Comment #3
I use my mobile phone for talk and text only. When it comes to using my phone for payment and check deposits I draw the line there. I work in the IT Technology sector and there is nothing secure about a cell phone specially if you use blue tooth BT. And is you installed a questionable app that requires unlimited permission you are done for. The BT protocol is very easy to hack and spoof. I have known people who had their phones cloned when they were using BT. It is very hard to keep your phone private since everything installed on it is tracking you one way or another.
  |     |   Comment #13
Well said! I agree that the phone is for talk and text, that way you only share those communications with the NSA (Hopefully) - HA!! If you need internet on your phone for directions while driving or some other reason, just remember to disable it each time after using it. Don't keep the internet "on" because your web browser (Google, Firefox, etc.) will track you all the time, and "sell that data".
People should consider using Webroot Security for phone/computer (paid subscription), which will secure I-phone, Android, Mac and Windows. If you use a "free" security application, which is not free, they will sell your data and spy on you. Pay for a subscription.

Best advice: Use a flip phone!
Get Real
  |     |   Comment #4
I was on a Federal grand jury and many of the cases were tellers stealing from accounts or moving funds to their own accounts for short time frame to show they had assets. Also, your bank should shred any transaction documents (Hopefully,).

Also, if you don't bank on line your records are stored on line. Remember Eqifax?

I know most people here check all their statements.
  |     |   Comment #5
At least, if you don't have an online login, the responsibility for assets stolen via online hack should then be on the bank's side. Otherwise, they might try to claim that you were not guarding your login credentials carefully enough.
  |     |   Comment #6
It's also worth mentioning that there are federal laws that limit the consumer's liability for electronic banking:


Certain rules and deadlines have to be followed by the customer to be protected under the law. The bank's disclosures also spell these out in more detail. It pays (literally) to read and know about these deadlines. They tend to be relatively reasonable in my opinion. (Except of course in the case of TreasuryDirect, which puts all liability on the customer.)
  |     |   Comment #8
Cell phone banking should be band, any hacker can intercept any communication between any cell phones and any RF tower. The RF signal is not encrypted until it reaches its destination. There are gadgets out there. that can even record and intercept any typing done on a cell phone screen. Use it at your own risk, I will never subject myself to cell phone banking.
sixty something
  |     |   Comment #9
I'm still not thoroughly convinced online mobile transactions are as secure as those done via a desktop. In any event, I don't trust my vision or manual dexterity to be making financial transactions on a device that is smaller than a hand.
  |     |   Comment #10
A recently discovered and incredibly unsettling bug in Apple’s FaceTime software lets callers hear the audio from the phone they’re calling before the person they’re calling has a chance to accept or reject the call. What’s more, callers can even see through the front-facing camera belonging to the person on the other end.
deplorable 1
  |     |   Comment #11
I protect myself by doing all my banking on a desktop with a hard line. I don't keep track of my finances on my phone so for me a desktop is just more convenient and probably much safer as well. This mobile banking probably appeals to those who are working tons of hours and have very simple finances like one bank with a checking and savings. I could see how it would be very convenient to do your banking during a lunch or break.
  |     |   Comment #14
The cell phones are designed for talk and texting with some pictures thrown in, other than that, you are asking for trouble, encrypting, decrypting, sending, receiving of bank records is very dangerous. Do not be fooled by the banks telling you, it is safe, it is not, they are not responsible if your money are lost, read the disclaimer from any bank, they put the responsibilities on you to protect yourself, not them. You have to proof it was not you sending unauthorized ACH or wire or made ATM withdrawal or the password reset was not done by you. Good luck proving all of that.
  |     |   Comment #15
i agree. I very rarely, if ever need to do banking transactions from my cell phone.

Most banks and credit unions offer account alerts. I wonder if receiving account alerts on a cell phone is safe? I receive several updates via text. Such as a weekly balance update, or a low balance alert, when interest was paid, or a deposit made, credit card alerts, etc. Should all those be turned off? They don't show any acct numbers, but the bank name is visible. They will also email that info.
  |     |   Comment #16
Let us know if they become low yield which would confirm what some have doing a long time...not! Did u ever read their discloses and see the non-liability part? Need we say more! It is what it is, was what it was, and will be what it will be!
  |     |   Comment #17
And what has been, will never be again, dunmovin. I will change to email. But its nice to get alerts about my credit card. They will notify me to confirm certain purchases, or ANY charge. I like that. And I like to know when my monthly interest has been deposited, so I can start blowing it and having fun! :-) The days of counting & hoarding money are over. It's kinda nice being an old dude now.

The financial institution, product, and APY (Annual Percentage Yield) data displayed on this website is gathered from various sources and may not reflect all of the offers available in your region. Although we strive to provide the most accurate data possible, we cannot guarantee its accuracy. The content displayed is for general information purposes only; always verify account details and availability with the financial institution before opening an account. Contact [email protected] to report inaccurate info or to request offers be included in this website. We are not affiliated with the financial institutions included in this website.