Dr. Security gives tips and answers questions related to cyber security. This time, it is about the security of mobile banking apps.
Question
Hey, I’m always a bit scared to use the mobile banking app because of security reasons. Are smartphones less secure than traditional PCs? What’s your opinion? (Wiebke from Munich, Germany)
Answer
Hi Wiebke,
Thank you for your question. I actually hear this from a few other people as well, so I am happy to help you debunk this fear.
Over 36% of the world’s population currently owns a smartphone. This roughly translates to 2.53 billion people*, so it is a natural evolution that banks and other companies have started to offer their services on smartphones to reach their users. If you are anything like me, the bank’s opening hours are not easy to fit in between fending off cyber threats and protecting our customers. In addition, you often have to queue before you get face time with a bank teller. The beauty of online banking is that it lets you circumvent all of this. You can check your account at any time of day, pay your recurring bills automatically, and so on.
However, there is still a misconception that mobile phones are not secure enough for sensitive actions such as online banking. A lot of people believe that online banking on their desktops or laptops is more secure than completing the same transaction on their smartphone. This stems perhaps from the fact that desktops are typically at home or at work (i.e. in a secure and trusted environment), whereas mobile phones go wherever you roam.
Contrary to popular belief, from a security perspective it is actually safer to use the mobile banking app than its web counterpart. For the moment, mobile devices are still less prone to malware attacks than computers. This is because most malware found on computers is created to infect the masses through, among other things, browser-based vulnerabilities. Since mobile operating systems (e.g., Android or iOS) were created with the lessons learned from security weaknesses found on computers in mind, they are developed in a way that restricts the possibility of mass infections as much as possible. That being said, there are still some simple tips you can follow to practice good smartphone security.
For one, be diligent when downloading a new app, and not just a banking app or one that deals with more sensitive information. Before downloading an app, check that the app developer has good ratings. Most banks now officially offer their own e-banking apps, as it is more secure to send information through them than via SMS or email, since any information the app transfers across a network will be encrypted. These apps are often built to the highest security standards, requiring two-factor authentication (2FA) or fingerprint scanning in addition to account credentials to enter the app and confirm sensitive actions. If you are downloading a banking app, make sure that it is the app developed by the bank itself and not by another provider. Typically, you will be able to find the link to the app store on the bank’s page. Make sure that the app is verified before downloading and installing it.
Even more importantly, do not jailbreak (iOS) or root (Android) your phone. I know the temptation is sometimes there. But be aware that rooting your phone removes all the safeguards that have been put in place by the operating system developers. In fact, rooting your device makes it almost impossible to guarantee any level of security. That is why some banks try to detect rooted mobile devices and prevent their applications from functioning on them.
When it comes to links, never enter your bank account information or e-banking password after following a link sent to you via text message or e-mail. These links could potentially lead you to a spoofed website that looks exactly like the bank’s official login page but is actually relaying all the data you enter directly to attackers (something known as phishing). Instead, enter your bank’s web address (URL) into your phone yourself and bookmark it. Better yet, use the official bank app if it is available.
With that said, using the mobile banking app is significantly safer than banking on the desktop. This is why Futurae, Google or Duo offer mobile-based secure authenticator apps. You can also find Futurae’s authentication solutions already incorporated in many mobile apps in the financial industry, among others, ensuring that if your mobile phone ends up in the wrong hands, your data is still safe and locked away.
I am happy to answer your questions, so do not hesitate to write to the Doctor at: doctor@futurae.com.