How do I know if my banking app is secure?

If you've ever lost your mobile phone, even for a minute, you know the sense of panic you experience from the moment you reach for it and realize it's missing until the moment it turns up and it's back in your hands. Aside from the huge inconvenience of losing all your contacts (and the sheer creepiness of knowing that a random stranger might be viewing your photos and text messages), if it's a smartphone, it might even contain sensitive information that could compromise your financial security.

In the last quarter of 2010, nearly 30 million Americans used their smartphones or tablet computers to access a bank, credit card or brokerage account, and that number is expected to grow to at least 50 million by 2015 [sources: comScore; Urban]. Consumers are increasingly drawn to the convenience of mobile banking, and use banking apps, mobile browsers or text messages for everything from transferring funds and completing stock transactions to checking their account balances or depositing checks. Mobile banking also offers the promise of immediacy, and can send alerts if your account balance drops below a certain threshold or if suspicious charges post to your account. These real-time updates can help you avoid overdraft fees and react quickly to fraudulent activity, but do the benefits of on-the-go access outweigh the risks?

In a 2010 survey of mobile customers, 33 percent of smartphone users cited security concerns as the primary reason they avoid using their phones to access financial accounts [source: comScore]. Is their reluctance justified? What can banks do to ensure the security of online banking apps, and how do you know if your banking app is secure? Read on to find out.

Understand the Risks

Hundreds of financial and personal banking apps are available in the Apple App Store, the Android Market and BlackBerry App World. Some are created and distributed by individual banks or credit card companies, including Chase, Wells Fargo and Bank of America, while others such as Mint, Pageonce and Mobile Checkbook are designed to help users manage bank accounts, loans and investments across multiple financial institutions. The security risks associated with mobile banking applications fall into the following three general categories:

The data you save. If your phone (or a banking app on your phone) stores personal information such as passwords, account numbers or transaction histories, your data could become accessible to someone who finds or steals your phone. Likewise, e-mails and text messages that you exchange with a financial institution (or even with your spouse) and store on your phone may contain account numbers or other sensitive information.
The data you send. If you connect to your financial institution over an unsecured or public Wi-Fi network (such as one in the airport or coffee shop), it's possible for a third party to intercept your personal financial data. Banking apps with insufficient encryption can also leave you vulnerable to identity theft [source: Barrington].
The applications you choose. The description in the App Store or Android Market might sound like just what you're looking for, but what do you know about its source? While new apps are supposedly tested for usability and screened for malicious software before they are added to the iPhone App Store, the Apple iOS has proven vulnerable to security hacks in the past, and the Android Market leaves it up to users to test and review applications [source: Hernandez]. The risk is that unscrupulous application developers could trick users into downloading bogus banking apps -- or even games and other non-banking apps -- containing malware that places personal data directly in the hands of identity thieves. Alternatively, a user could become an unwitting beta tester for a well-meaning but inexperienced developer who's still working out the security flaws in his first-ever banking application.

But don't give up on mobile banking just yet. Banks have a clear incentive to make their mobile applications as safe as possible, and despite the risks, there are specific steps you can take to ensure the security of your personal information. We'll cover the most important ones on the next page.

Think Before You App

The good news is that mobile banking is actually safer, at least in theory, than online banking using laptop or desktop computers, which are far more likely than phones to be infected with malware [source: Roman]. But since mobile banking is still relatively new to the scene, banks are still learning how to manage the risks associated with banking apps [source: Gahran]. For instance, in a recent study by security firm viaForensics, 25 percent of the mobile banking apps evaluated received a "fail" rating, primarily because testers were able to retrieve passwords, PIN numbers or other personal information from users' phones [sources: Crosman; viaForensics].

In the not-too-distant future, our smartphones will feature built-in security features such as facial biometrics and fingerprint recognition to prevent access by anyone other than the phone's rightful owner [source: Fenston]. Until then, keep the following tips in mind to ensure that your mobile banking transactions are secure.

If you want to use your bank's mobile banking app, be sure to download it directly from the bank Web site, not from your phone's application store or a link that you follow in an e-mail. Select a strong password, and if you must write it down, store it somewhere safe, far away from your phone. Most importantly, avoid having your phone "remember" your login information or pre-fill the username and password fields.

If you want to use a third-party banking app that lets you monitor and interact with more than one account, take the time to research popular apps and select one that has positive reviews and a large number of downloads. Before you install any mobile app -- banking or otherwise -- be sure you understand what areas of your phone it will have access to. If the permissions seem excessive, consider whether you really need the application, and whether you understand why it needs to access the areas it does. Avoid using mobile banking apps or sending sensitive e-mails or texts over public or unsecured Wi-Fi networks; instead, use your wireless carrier's network.

Even if you don't use your smartphone for banking, it's a good idea to activate the screen lock function. Again, be sure that the password doesn't automatically pre-fill; you should be required to enter it every time. Be sure to delete any e-mails, text messages or documents containing financially sensitive information. Last but not least, install mobile security software such as Mobile Defense or Lookout (for Android) or MobileMe (for iPhone), which allow you to remotely "wipe" your phone, erasing all of your information in the event that your phone is ever lost or stolen.

The bottom line: Don't be afraid to enjoy the convenience of mobile banking apps, but proceed with caution. Know what you're signing up for (and who's providing it!) before you download a new application to your smartphone, and guard your phone as you would your wallet or your credit cards. Before too long, it may replace them both!

Lots More Information

Sources

Adams, John. "Two In Five Consumers Believe Mobile Banking Is Unsafe." Bank Technology News. July 2011. (Oct. 2, 2011) http://www.americanbanker.com/issues/176_140/survey-consumers-believe-mobile-banking-unsafe-1040358-1.html
Barrington, Richard. "Ask the expert: Is mobile banking safe?" MoneyRates.com. Jan. 26, 2011. (Oct. 3, 2011) http://www.money-rates.com/ask-the-expert/ask-the-expert-is-mobile-banking-safe.htm
comScore. "Number of U.S. Mobile Financial Account Users Surges 54 Percent to 30 Million in Past Year." March 23, 2011. (Oct. 9, 2011) http://www.comscore.com/Press_Events/Press_Releases/2011/3/Number_of_U.S._Mobile_Financial_Account_Users_Surges_54_Percent_to_30_Million_in_Past_Year
Crosman, Penny. "Security Warning: 25% of Mobile Banking Apps Flunk Test." Bank Technology News. Aug. 8, 2011. (Oct. 2, 2011) http://www.americanbanker.com/issues/176_153/mobile-app-security-1040990-1.html
Fenston, Jacob. "Smart Phone Banking On The Rise, But Is It Safe?" NPR.org. Jan. 4, 2011. (Oct. 2, 2011) http://www.npr.org/2011/01/04/132657646/Smart-Phone-Banking-On-The-Rise-But-Is-It-Safe
Gahran, Amy. "Mobile banking is booming, survey shows." CNN.com. March 29, 2011. (Oct. 9, 2011) http://articles.cnn.com/2011-03-29/tech/mobile.banking.gahran_1_mobile-banking-mobile-financial-services-feature-phones?_s=PM:TECH
Hernandez, Barbara E. "Mobile Apps Security: Apple iOS v. Google Android." PCWorld.com. Aug. 13, 2010. (Oct. 9, 2010) http://www.pcworld.com/businesscenter/article/203274/mobile_apps_security_apple_ios_v_google_android.html
Howard, Niles. "Is mobile banking safe?" Bankrate.com. June 12, 2009. (Oct. 3, 2011) http://www.bankrate.com/finance/personal-finance/is-mobile-banking-safe-1.aspx
Moretto, Brenda. "Guide to Safe Online and Mobile Banking." McAfee. Oct. 5, 2011. (Oct. 9, 2011)
Roman, Jeffrey. Mobile: Combating Malicious Apps." BankInfoSecurity.com. Oct. 11, 2011. (Oct. 12, 2011) http://www.bankinfosecurity.com/articles.php?art_id=4140&pg=1
Urban, Mike. "Mobile Banking Fraud: Controlling it Early." BankInfoSecurity.com. Aug. 23, 2011. (Oct. 9, 2011) http://ffiec.bankinfosecurity.com/blogs.php?postID=1041
viaForensics. "Mobile App Security Study." July 2011. (Oct. 3, 2011) http://viaforensics.com/education/white-papers/appwatchdog-findings-mobile-app-security-iphone-android/