Check your phone settings before using Mobile Banking Apps!

So many of us, myself included, love our monile banking apps.  We can tell instantly our bank balance, recent transactions, if our deposits posted, even many times deposit a check without ever going to physical bank (or even an ATM). Banking apps can be a major convenience, but they also come with risks. Make sure your data is secure.

Credit Getty Images

Credit Getty Images

The “bad-news” multiple research reports — claiming wholesale security flaws in mobile banking apps — keep winning headlines.

And they have to scare you.

Praetorian, a security firm, said in its report that eight of 10 mobile banking apps contain security weaknesses.

IOActive Labs Research claimed in its report that 90 percent of iOS financial services apps contain grievous flaws that put users at risk.

The question has to be asked: Is it now too risky even to think about using mobile banking apps?

Dennis Fisher, security evangelist at Kaspersky Lab, which probes Internet vulnerabilities, noted: “Consumers need to weight the convenience of these banking apps against the risks that some of them present. Much of security is about trade-offs, and this is no different. Users should be very concerned about the vulnerabilities found in these apps…. There are too many well-known attacks that can be used to intercept plain-text traffic and steal users’ credentials.”

Put another way: Mobile banking apps indeed have risks, but those risks may – or may not – be enough to dissuade you from using them.

Then, too, Terence Kam, founder of consulting firm, observed: “No matter how unsafe mobile banking apps are, they are still safer than banking through the web browser in your PC/Mac. Mobile devices operating systems are much more secure than PC/Mac operating systems because the latter is based on code design written decades ago when security and connectivity were not issues. Mobile device OS are designed to make it extremely difficult to tinker (in Apple’s iOS, it is designed to make tinkering impossible), which means it is extremely difficult for malware to subvert the OS in order to steal information.”

Chew on that, and know it is fact. Just about all security researchers agree there are vastly more dangers with banking on a Windows based PC – where criminals have decades’ worth of experience undermining protections and tricking users. Mobile phone operating systems, as Kam noted, were built from the ground up with full awareness of the possibility of security risks.

Experts also say there are two must-do’s and one must-not-do that, if observed, will give every mobile banking user a headstart on a high level of security.

The must not do is: don’t even think about jailbreaking an iPhone or rooting an Android. Yes, doing so lets the user break free of a restrictive sandbox and that might be fun – but forget about using a jailbroken or rooted phone for mobile banking, m-commerce, or anything that involves a user name and password that you value.

A problem with jailbreaking: it nullifies many built-in protections in iOS and Android.

The bigger problem, especially on the Apple side: a jailbroken phone can download apps from anywhere, not just the Apple Apps Store, where security checks on uploaded apps are rigorous. Download from anywhere, and that ups the possibility of encountering a counterfeit app and “we are seeing more of those,” said Domingo Guerra, president of Appthority, an app risk management firm.

Counterfeit apps – often legitimate versions of banking apps that have been hijacked by criminals and fitted with toxic extras that may steal a user’s credentials and money — are ever more popular, because this is the easiest way to deliver malware to mobile banking users.

For Android users, the advice is to download only from the official Google Play store or from Amazon’s Apps Store where, say developers, inspections rival Apple’s in rigor.

As for the to-do’s, the first is: Set up a four-digit pin that locks the phone or tablet when it is not in use. Do that under “SETTINGS.”

Fail to do that, and anybody can pick up your device and start clicking away.

Create a PIN, and that is a big protection.

In iOS, setting a PIN also activates data encryption, which means that even if a thief were to find a way into the phone, he would be confronted with indecipherable gibberish.

In Android, data encryption requires a separate step. Under “SETTINGS,” click “Security and Screen Lock,” then data encryption.

Do that, and are you safe enough to use mobile banking apps? That is your call, but know this: Mobile banking is the financial sector’s fastest-growing channel, with many experts predicting that this year it will eclipse online banking in volume. Reports of criminal activity in mobile banking have been numerous but, mainly, scattered and with few victims, typically in Asia or Eastern Europe. In the U.S., not so much – so, obviously, consumers are voting with their taps on glass, and what they are saying is that mobile banking looks safe enough to them.


About The Mental Meddler

A quirky, opinionated gay guy who offends both liberal and conservatives.

Posted on March 22, 2014, in Money, News & Politics, Online Life, Technology and tagged , , , , , , , , , , , . Bookmark the permalink. 1 Comment.

  1. Reblogged this on Ijaz Anwar and commented:
    Mobile banking can be a huge convenience, but it can also be a huge security risk. Online banking is a big relief because it is instantaneous. You can check your balance, deposit a check or make a transfer with the ease of your smartphone. All things sound great on the surface, but you need to be aware of security threats that loom. One way to be sure you are mobile banking safely from hackers is the application itself. Are you downloading the application from a trusted mobile store like the App Store or Google Play? You should also use an application than your browser when banking on your smartphone. For instance, don’t go to via your smartphone, but rather the official Chase mobile banking application. These are just a few tips to consider.


%d bloggers like this: