Worried about the risks in mobile banking? Follow these best safety practices

Barbara Whelehan, Bankrate.com

More bank customers discovered the convenience of mobile banking as branches temporarily closed during the pandemic, and evidence suggests the behavior will stick. A survey released in May 2020 by bank technology provider FIS found that 31% of respondents intend to do more online and mobile banking.

But how safe is conducting bank business this way? Here are some of the risks, and the steps you can take to reduce them.

Is mobile banking safe?

Mobile banking is convenient and safe, say cybersecurity experts, but consumers need to take certain precautions.

“If you download the mobile app from a secure site, that is just as safe as visiting a bank branch,” says Paul Benda, senior vice president of risk and cybersecurity policy at American Bankers Association.

As he sees it, the best place to download an app is from your bank’s website, which provides the right link to the bank’s app.

“Banks use extremely secure, high-end encryption technologies,” Benda says. “We like saying that mobile apps are like having a bank branch in your pocket.”

How banks protect consumers

Financial institutions invest heavily to thwart cybercriminals.

JPMorgan Chase CEO Jamie Dimon said his firm spent nearly $600 million on cyber defenses in 2019, calling the threat of cybersecurity quite possibly “the biggest threat to the U.S. financial system.”

“I think it’s safe to say banks spend billions to protect customer accounts,” says ABA’s Benda. “Due to Regulation E, they’re on the hook if there’s an attack.”

Regulation E limits consumer liability to $50 if an unauthorized electronic funds transfer is caught by a customer within two business days, and up to $500 if caught outside the two-day window. Financial institutions are responsible for everything above those amounts.

“Banks have very robust controls in place to control fraudulent activity, but a lot depends on making sure consumers follow safe practices,” Benda says.

Watch out for these cyberattack types

There are myriad ways that fraudsters directly target consumers, but the FBI describes two forms of cyberattacks in particular:

  • App-based banking Trojans: These are hidden in unrelated apps, such as games or tools, that are downloaded from unofficial sources by unsuspecting consumers. These “sideload” apps could conceal malicious programs that lie dormant until a user launches a legitimate banking app. Then the Trojan springs to life, creating a pop-up that mimics the bank’s login page. Once consumers enter their username and password, they are seamlessly passed on to the legitimate banking app login page and don’t even know they’ve been scammed.

“The malware can be downloaded in a variety of ways, such as (text message) with a malicious hyperlink,” says Teresa Walsh, global intelligence officer at Financial Services Information Sharing and Analysis Center, an industry consortium focused on reducing cyber-risk in the global financial system.

  • Fake banking apps: These are another major threat. They look like the real apps of major banks and are designed to trick users into entering their login credentials.

Should you use a mobile banking app?

If you’re worried about using a mobile banking app, be aware that security threats exist everywhere, including inside the bank lobby.

With a mobile app, “there are potential vulnerabilities related to the app itself – vulnerabilities in code, encryption methods, etc. – and also potential vulnerabilities related to the transmission of information,” says Donald Korinchak of CyberExperts.com.

Here’s the good news: “Banks invest heavily to ‘bake in’ security,” Korinchak says. Financial institutions look for vulnerabilities in their app that can be patched before they are exploited by criminals.

RELATED: How to help family members embrace unfamiliar technology — at any age

Categories: Food