Americans don't necessarily trust mobile banking technology and are not the most adept at using mobile in ways that better protect their financial data and that maximize digital banking services.
That said, mobile banking is certainly growing on financial services consumers.
According to KPMG's Global Mobile Banking Report and UBS Evidence Labs, the number of mobile banking users globally is forecast to double to 1.8 billion over the next four years, representing over 25% of the world's population according to KPMG.
Yet in a recent survey from MyBrankTracker.com, only 6% of respondents "trusted mobile technologies for their banking needs and financial transactions."
While banks and other financial institutions can always do a better job of protecting their mobile customer's data, a good chunk of the "vulnerability" blame game lies with mobile users themselves.
MyBankTracker does a yeoman's job of listing some of the most common (and costly) mistakes mobile banking users make on a regular basis.
Exhibit A - using mobile banking apps over public WiFi.
"Information sent through a public hotspot isn't encrypted, so other network users can access your activity," says Alex Matjanec, co-founder and CEO of MyBankTracker. "If you're using an unsecured Wi-Fi network, anything you send into cyberspace is there for taking for hackers. If there's no way around public WiFi, access your bank through their website on the Internet as long as it's encrypted as opposed to the bank's app."
Other experts also stress the importance of being patient and avoiding unsafe WiFi that may be available at a particular moment.
"Consumers connecting to free, open and insecure WiFi are at the highest risk of fraud," notes Robert Siciliano, an identity theft expert with BestIDTheftCompanys.com. "It's wise for consumers to either wait until they are on a secure network or deploy a virtual private network software (VPN) prior to doing any online mobile banking."
Another mobile banking no-no - storing your payment or login information on a mobile banking or shopping app.
"Storing your information is a good way to invite someone to steal your password or hack your debit and credit card numbers," says Matjanec. "If you use multiple cards to pay when you shop online, a smarter option is to use a mobile wallet like Apple Pay or Android Pay. If you're not comfortable using one of these apps or you just don't have a compatible device, you want to make sure you're logging in manually every time and logging out when you're done."
Mobile banking users could also do themselves a big favor by actually using the data security features banks offer them. "If you haven't opted in to receive security alerts from your bank, you may not realize that your mobile banking activity has been hacked until a thief has already drained your account," Matjanec adds. "Alerts include: changes to your username and/or password, unusual login activity, large transactions and changes to your email address or phone number. If you use an app like Mint to monitor multiple bank or credit card accounts in one place, you want to make sure you're turning on the security alerts here as well, so there's no chance of anything slipping through the cracks."
Passwords are another easy path for fraudsters to take to separate you from your identity, and your money. "For years, passwords have been the foremost means by which businesses authenticate customer access to online and mobile services," says Steve Durbin, managing director of the Information Security Forum, a London-based authority on cyber, information security and risk management. "Password-based authentication is easy and familiar for customers and is initially inexpensive for businesses to deploy at scale. But, while password-based authentication may be appropriate in some instances, it is no longer suitable for the wide range of services where it is currently being used."
Durbin says that with the popularity of services such as mobile banking and shopping, the sensitivity of digital information has increased dramatically. "However, with more sensitivity comes increased risk," he says. "At the same time, the strength of authentication based on a single password has steadily declined. New technologies and techniques have made passwords more vulnerable to a wide range of attacks, as evidenced by recent data breaches. These limitations are not going away."
Besides strengthening your password, make sure to lock your phone unless you enter a passcode or some other form of authentication (e.g., swiping, fingerprint impression, facial recognition, etc.,) says Matjanec.
"Some people don't bother to log out of their accounts when they're done," he says. "Also, opt for your mobile banking apps to save usernames and passwords, or make yourself enter them manually. Or, set up other forms of more secure authentication methods. For example, Chase and American Express make it very easy to log into your account via fingerprint authentication on the iPhone."
One last tip - set up your device and email for two-factor authentication.
"Many mobile banking apps require that you authenticate a device when logging into your account on that device for the first time," Matjanex adds. "The bank will ask that you enter a temporary secure code that was sent to you via text message, email or phone call. Without the code, you cannot login through mobile banking, even if you use the correct login username and password. This security layer prevents someone else from logging into your bank account from their own smartphone."
No doubt, the mobile banking revolution is upon us and forward change is always a good thing. Just don't let all that progress distract you from job one with any financial tool or technology - make sure you keep your data safe.