NEW YORK (MainStreet) — Numbers from the Federal Reserve are a smack in the face of mobile banking proponents. Some 87% of U.S. adults have mobile phones, but only 39% have used mobile banking in the past year. Among smartphone users, just 52% have used mobile banking in the past 12 months, up a slim 1% from the year earlier. The take-away: mobile banking adoption has stalled.
What’s the hang up? Per the Fed: “Concern about the security of the technology was a common reason given for not using mobile banking or mobile payments (62% and 59%, respectively, of non-users).”
Just one problem: by any measure, said multiple experts, mobile banking is dramatically more secure than online banking. Online banking has been under assault by criminals essentially since it launched in the U.S. 20 years ago. Literally millions of computers are infected with malware called Zeus and variants that are created to “keylog” - copy - banking usernames and passwords and communicate them to a control that puts them to use stealing the money of victims.
Mobile banking’s safety comes down to numbers. There are millions of malware strains targeting online banking users - on both Windows and Apple laptops and desktops, said identity theft expert Robert Siciliano. But, he added, there are only “tens of thousands targeting mobiles, Android specifically.”
There are of course some targeting iPhones - especially jailbroken phones - but the numbers are small, said experts, mainly because Apple continues to be vigilant in guarding its apps store (recent lapses aside).
“Mobile banking is the safest way to bank. There is no question about it,” said Sajad Ghanizada, formerly with Homeland Security, now with Hurdlr, a support service for Uber drivers. Mobile, said Ghanizada, just offers criminals few attack vectors: “It requires a lot more work to compromise a mobile app or phone than a website that you can have access to from anywhere in the world, 24 hours a day.”
Then, too, mobile has unique advantages. In particular, it allows for smarter decisions by the financial institution, said Kim Mangrum, a senior vice president at Point Breeze Credit Union in Maryland. She specifically pointed to multi-factor authentication, device recognition and smartphones, where if you are logging in with a new iPhone6S - previously unknown to the credit union - the system will know the device is new. The system will ask how you want to be verified - by a phone call, text message or email. A onetime use code is sent, you type it into the appropriate box, and bingo, you are in.
Many other banks and credit unions offer similar.
Point Breeze - a mid-sized credit union with under $1 billion in assets - also offers members the option to use Apple’s Touch ID fingerprint recognition to log into mobile banking, said Mangrum, who added, “We are very excited about these security features.”
A PayPal spokesman pointed to another advantage unique to mobile: “The location data tied to a mobile device, actually allows account verification more effectively.”
A mobile phone knows where it is and that’s valuable in authenticating a transaction. If you generally sign in from Phoenix but now you are signing in from Juarez, Mexico, that’s a red flag. It does not mean the transaction is fraudulent, but it does mean it’s worth a closer look.
Add up the inherent advantages of mobile phones, along with the paucity of malware targeting them, and it’s easy to see why most experts insist mobile is the more secure way to bank.
Don’t assume that mobile banking is absolutely without risk, however. There is one big one, pointed to by multiple security experts. We are seeing more phishing email and also a lot more email with links to malware contaminated websites. Criminals know you are too savvy to click on that malware link on your desktop or to fall for a phish - but on a small smartphone screen? Just maybe. But click on the wrong link, answer the wrong phish, and you are done.
That is why a building block of lasting mobile phone security is this: practice safe surfing and be cautious about what to click.
But an even bigger threat is the lost or stolen phone. A number that is thrown around is that every minute 113 mobile phones are lost or stolen in the U.S. That’s why there are two more steps to gain mobile banking security.
Second step: put a passcode on your phone or, with iPhone, enable Touch ID. That simple step is enough to keep most criminals from getting inside your phone (most are simply interested in stealing the hardware anyway).
Last step: be sure phone data is encrypted. That’s automatic once a passcode is set on iPhone. With Android, go to SETTINGS/SECURITY - and click to encrypt data. That keeps out just about all but true professionals.
Take just those steps - and leverage the built-in mobile phone advantages - and you can be confident that your mobile banking sessions are likely to be secure and safe. It’s that simple.