Understand the Risks
Hundreds of financial and personal banking apps are available in the Apple App Store, the Android Market and BlackBerry App World. Some are created and distributed by individual banks or credit card companies, including Chase, Wells Fargo and Bank of America, while others such as Mint, Pageonce and Mobile Checkbook are designed to help users manage bank accounts, loans and investments across multiple financial institutions. The security risks associated with mobile banking applications fall into the following three general categories:
- The data you save. If your phone (or a banking app on your phone) stores personal information such as passwords, account numbers or transaction histories, your data could become accessible to someone who finds or steals your phone. Likewise, e-mails and text messages that you exchange with a financial institution (or even with your spouse) and store on your phone may contain account numbers or other sensitive information.
- The data you send. If you connect to your financial institution over an unsecured or public Wi-Fi network (such as one in the airport or coffee shop), it's possible for a third party to intercept your personal financial data. Banking apps with insufficient encryption can also leave you vulnerable to identity theft [source: Barrington].
- The applications you choose. The description in the App Store or Android Market might sound like just what you're looking for, but what do you know about its source? While new apps are supposedly tested for usability and screened for malicious software before they are added to the iPhone App Store, the Apple iOS has proven vulnerable to security hacks in the past, and the Android Market leaves it up to users to test and review applications [source: Hernandez]. The risk is that unscrupulous application developers could trick users into downloading bogus banking apps -- or even games and other non-banking apps -- containing malware that places personal data directly in the hands of identity thieves. Alternatively, a user could become an unwitting beta tester for a well-meaning but inexperienced developer who's still working out the security flaws in his first-ever banking application.
But don't give up on mobile banking just yet. Banks have a clear incentive to make their mobile applications as safe as possible, and despite the risks, there are specific steps you can take to ensure the security of your personal information. We'll cover the most important ones on the next page.