The conveniences of modern technology have us expecting all of our resources to be at our fingertips twenty-four hours a day, seven days a week. However, when it comes to using mobile banking apps safely, your best bet is to use plenty of caution.
It’s easy to forget how vulnerable our personal information can be when our transactions seem so watertight and effortless. Think about it for a minute though. We live in a world where you can pull a device out of your pocket, tap the screen in a few places, and thirty minutes later pizza will arrive at your door.
It seems so safe and self-contained. It’s easy to forget what’s happening. You’re sending your personal data, allowing another entity to take money directly from your account.
Gone are the times when we were too timid to use our real names on America Online. Nowadays we’re more than willing to give all of our banking information to a third-party app we just found in the Google Play Store five minutes ago.
When it comes to using your Android device to manage your finances, there are eight simple guideposts you can pay attention to if you want to make sure your data and dollars stay in secure hands.
Use a Recent Device
That statement may seem like bending to the cynical marketing technique of “planned obsolescence,” the process through which companies deliberately build devices to become unusable so that you have to buy the new one. When you think about it, however, it’s just an extension of common sense.
I have an Asus EEE Transformer that I still adore even though I got it all the way back in 2011. I use the Transformer for writing and gaming, but I would never use any banking software on it. Why not? Because my Transformer is still running Android 4.0.3, which hasn’t been updated or patched in years.
Creating security isn’t like building a submarine. Submarine Engineers plan on the water to behave pretty much the same way. So once they figure out how to keep water on the outside and air on the inside, those rules aren’t going to change much. Submarine builders can continue building submarines using the same basic techniques for decades.
Developing an operating system’s security is much closer to a Darwinian arms race than it is to submarine construction. Nothing will forever be watertight. Every operating system, no matter how advanced, will have security flaws. As devious people discover these flaws, the developers have to patch them up. That means if you want to do something that requires a high level of security, like banking with your phone, you need to make sure your device is still being actively updated.
Android 4.0.3 was patched with more recent updates fixing many of its flaws. However, we’re all the way to Android 5.1.1 at the time of writing. My Transformer can’t handle 5.1.1, so that means it’s stuck running on a compromised operation system.
Moore’s Law implicates any device on the cutting edge will eventually fall behind on the curve. If you positively want security, you have to stay at the forefront of the technological arms race, and that means having a new-ish device.
Have a Large Bank
I know you really want to support your local institutions. You’ve probably got some excellent reasons for banking with Honest Uncle Dale’s County Community Family Bank. After all, didn’t the big banks cause the 2008 collapse of the entire U.S. economy? Isn’t banking with a local company putting money back into your neighborhood instead of propping up a faceless multinational megacorp?
Yes and yes, but if your bottom line is safe mobile banking, you have to go with the big guys. There are several reasons for this unfortunate inevitability, but all of them eventually boil down to userbase diversity and financial capability.
Most devious hackers wanting to steal banking information are going to target the largest financial institutions. Counterintuitively, this is a benefit, not a liability. Banks like Chase and Citibank have a vast pool of experimental data to pull from because of their large user base.
There are thousands of attempted security breaches on their software every day presenting a boatload of opportunities to improve their security measures. Moreover, they have the means to throw large amounts of money into secure software development.
If Honest Uncle Dale’s County Community Family Bank came under that devious, pressing attention, the security flaws of their homespun mobile banking software would crumble almost immediately. Moreover, they probably won’t have the resources to update it as efficiently and robustly as the big guys can.
This is similar to the Walmart dilemma in a different package. Sure, shopping at Walmart pulls money out of your community, but if your top priority is stretching your paycheck, then it’s hard to justify alternatives. Likewise, banking big may sap your soul, but their software security is hard to beat.
Research Your Third-Party Banking App
While picking a big bank and using their preferred banking app is the safest route, you may want to use a third-party application to track your expenses and budget. The most popular of these by far is Mint, which is available in the Google Play Store.
It’s tempting to dive into a new banking app with the same fervor and optimism as a brand new game. Remember though, you’re giving these banking apps your most sensitive information and direct access to your finances.
Regardless of a third-party app’s popularity or how techno-savvy your friend who recommended it seems, it’s important to do the legwork and research a new banking app extensively before passing out your account and routing numbers. Find more than one source. Read reviews and news articles, and pay close attention to the warnings of others. You really can’t be too careful in this situation.
Don’t Allow Installation of Apps from Untrusted/Unknown Sources
Maybe last month you were feeling a little nostalgic, and you decided to take a stroll from Pallet Town to Indigo Plateau on the Gameboid GameBoy emulator. One of the steps you took was to enable the installation of apps from unknown or untrusted sources.
Allowing apps from unknown sources isn’t necessarily a bad thing by itself. Android and the Play Store have authentication measures in place to ensure applications downloaded by the usual channels meet very specific standards of security. If you’re wanting to do some off-the-beaten-path things with your Android device, then checking the box is a way of saying “I understand the risks and wish to proceed.”
However, if you’re looking to use your phone for mobile banking, a good rule of thumb is to keep that box unchecked and to uninstall any non-market apps you’ve downloaded. Most developers are good folks who just want to give their users the product they’re promising. But when it comes to your banking information, it’s best to make sure you’re behind as many security measures as possible. Staying in the gated neighborhood of the Google Play Store is an easy one.
Not rooting your device adds to the previous point about keeping your Android secure.
When you root your phone, what you are doing is taking full control of the device. The manufacturers have limits in place for functionality and security reasons. Root users, however, like to push their device to the absolute limits.
Rooting is amazing because it unlocks a lot of unused potential in a device. But, it also means you’re pushing many of the tried-and-true security protocols to the side or disabling them.
If you are using your phone for banking purposes, avoid rooting your phone unless you are an extremely high-end user who is aware of all the risks and who is taking preventative action.
Use Extra Security
Android devices come stock with basic security, and any apps that store sensitive information will require a password (or at least a Personal Identification Number). Nevertheless, you should bear in mind that these security measures are bare minimum baselines. They are designed to be idiot-proof, so to speak, but that is all. They are to keep people who don’t know any better from making dangerous decisions with their data.
If all you have on your phone is a pattern key lock and a banking password that’s the same as your Gmail password, then you have some serious security issues.
For example, one anti-virus program is sufficient. Having two or more can often result in an anti-virus turf war because each app is trying to cover the same aspect of your phone’s security.
However, having an anti-virus program as well as App Lock is an excellent idea because the anti-virus protects you from bad software while App Lock protects you from bad users. Add in Wi-Fi Protector, and now you’ve covered three potential security flaws. Use different measures to protect different vulnerabilities.
Avoid Banking on Unsecured or Public WiFi Networks
There is a reason your phone warns you when you are connecting to an unsecured wireless network. A crafty enough crook on the same network can see every packet of data that you send and receive over it, and that includes usernames and passwords.
This rule applies not just to banking, but also to any activity that involves sending and receiving sensitive information. A general rule when using a public network is to remember that it’s a lot like having a conversation aloud in a public place. There’s a good chance that nobody is eavesdropping on you, but if they wanted to, it wouldn’t be that hard.
If you’re out and about, especially in a large city, consider using some of your plan’s precious cellular data instead of connecting to Starbucks Wireless. It might just save you the massive headache of having to deal with identity theft.
Use Default Keyboards
A third-party keyboard doesn’t seem like a security risk to most people. They can make life a breeze for the fast-fingered typist on the go by predicting what you’re going to say next and filling it out for you. Swiftkey is a particularly brilliant little keyboard that takes much of the hassle out of touch-screen typing.
However, the reason that Swiftkey and keyboards like it are able to predict your next word is because they track and log your keystrokes.
Now, I’m sure the folks over at Swiftkey are standup guys. But, when it comes to banking, it’s best to use a regular dumb keyboard that doesn’t document your every typo. If it’s logged somewhere, it can be read somewhere.
Security is all about awareness. Our engagement with technology is becoming increasingly effortless, so it’s becoming easier not to think about all the ways we’re spewing our personal information around. When it comes to protecting your assets, all it really takes is a few extra precautions and a tablespoon of perception.
You don’t have to turn your phone into a labyrinth of redundant passcodes and authentication procedures. But, increasing your security beyond the default settings can go miles toward keeping your banking information safe. Also, stay aware of unsecured wireless networks and don’t install any apps that you don’t trust. Abiding by these procedures can ensure a much safer mobile banking experience.
Have any other tips to help others bank safely while on the go? Let us know in the comments.