NEW YORK (MainStreet) — We are at the tipping point: a study out of Bank of America makes plain that we are diving into mobile banking and, in the process, bank branches are receding in importance. Also diminishing in importance, to an extent, is online banking on a desktop or laptop computer. But that shift raises big questions, chief among them: are you safe when mobile banking? And what can you do to increase your safety? Those worries gnaw at many of us and are often why we don't bank with a mobile device.
Know this: right now most bank security experts agree that mobile banking is safer than online banking, mainly because crooks have had 20 years to bake sophisticated schemes for pilfering via the the online banking channels (in 1994 the Stanford Credit Union in California introduced online banking). But that is changing fast. Crooks follow the same trends we all do. As we shift to mobile banking, so do they - and they are fast at work concocting new breed malware and phishing schemes to separate our login credentials from us. That is why experts insist that now is the time to toughen up our mobile defenses.
How? Experts tick off six steps to mobile banking security.
*Enable a PIN, said Frederik Mennes, security competence center manager with VASCO Data Security. Note: two in three of us do not, according to research by Consumer Reports. It takes a few seconds to set up a four digit PIN - do it in SETTINGS, in iPhone, also Android - but it is enough to deter all but determined data crackers. Yes, it’s a minor bother when logging in but that bother is a whole lot less than the pain of losing an unprotected phone (and 4.5 million U.S. smartphones were stolen or lost in a recent year, according to Consumer Reports). Apple’s TouchID, by the way, where a fingerprint stands in for a PIN, is an adequate substitute, said most experts.
*Be suspicious of incoming email that purports to be from your bank and asks you to click on a link is advice from Adam Levin, chairman of IDT911, an identity theft protection firm. Thieves love to spoof trusted companies and they know you just may give up your login if you believe it’s your bank asking. And it can be harder to eyeball an email for authenticity on a mobile device’s small screen. Word of advice: ignore the email link. Go directly to the bank’s home page. If they want info from you, they will tell you at their website.
*Don’t use public Wifi to bank, urged Domingo Guerra, president of Appthority, a mobile app risk management company. Public WiFi - at coffee shops, hotels, airports, many restaurants - is unsafe for secure transactions, agree most experts. You want to read the gossip in the New York Post’s Page Six - or maybe it’s the sports news at ESPN? Go for it. Just don’t log into important sites that involve a password. A work around available on most smartphones: Create a mobile hotspot (on Android go to SETTINGS/portable hotspot). That’s a private - and reasonably secure - connection.
*Only download apps from Google Play or Apple AppStore, said Andy Hayter, security evangelist at G Data, a developer of anti-malware apps. Download elsewhere and it really is buyer beware. Just don’t, especially since the smartphone has become what amounts to a mobile bank branch in your hand. Too much is at stake.
*Continually update apps is advice from many experts. Yes, it may seem annoying - there often are blizzards of updates, on both Android and iPhone. Do not ignore them. Many are security related and, usually, updates only take a few seconds, at least over WiFi. Download them and know that you are about as secure as you can get.
*Ask your bank if they offer multifactor authentication before allowing a transaction, said Brian O’Hara, senior security consultant at Rook Security. Many institutions do; it works like this. Attempt to log into, say, Affinity Federal Credit Union in Basking Ridge, NJ and the institution often prompts you to choose an email, an SMS, or a voice call to authenticate. You are given a six-digit PIN. Type it in and you are good to go. If a bank does not offer likewise, bank elsewhere is advice from many security conscious experts.
Do you need to install antivirus and/or anti-malware on your phone? Experts are divided. Many - particularly those employed by companies that make the stuff - insist it’s a must. Others say it adds little to nothing above the security built into Android and iPhone. Word of advice: many cautious Android users do install such apps, if only because there are more reported lapses on the Android side of the house. Call this as you see it, but recognize that a continually checking security app honestly adds only seconds of delay in a day - and it may pay off big time if there is a user error. That, say most experts, is just about always where smartphone security problems start.
Take just those few steps and breathe easily. Mobile banking really is secure. Just keep it that way.