When it comes to convenience, banking via the drive-up window and ATM is so 20th century. The latest solution for a time-crunched society is banking on the go via smartphone app and SMS.
SMS stands for short message service, also known as texting. Text banking offers conveniences similar to those available via other types of mobile communication without requiring a smartphone. It allows you to stay in touch with your bank -- with services like checking your account balance, viewing recent transactions, finding the nearest ATM or receiving overdrawal warnings -- anywhere that you can use a cellular device. These services are usually free, although you'll have to enroll in your bank's texting or mobile program, and your regular text messaging charges will apply.
But are these services safe to use? For your protection, text messages from your bank will identify your accounts only by their last four digits or by the nicknames you give them. And your account will be set up to accept commands only from the phone numbers you register.
However, just as the infamous Willie Horton reputedly said that he robbed banks because that's where the money was, cybercrooks are finding that there's money in SMS-based banking. To understand why, you have to know a bit about how SMS works. Cellular phone calls and text messages are transmitted via radio channels from your phone to local antenna towers. When you send a text, your phone shoots a short (160-character maximum), unencrypted blip of information along a common radio channel called a control channel. This is also the channel that your phone connects to every time it checks for a tower in range or receives a phone call. Because texts are unencrypted, and because control channels are shared by all phones in range of the tower, it's relatively easy for thieves to pluck information from them -- though no information sent over the radio waves of a cellular network is 100 percent safe.
You can protect yourself from SMS security risks by following a few simple guidelines:
- Never send your full bank account number (or any other private information, like your password or PIN) via text message.
- Check text messages for your bank's unique short code, the "return address" phone number that identifies official messages. Don't respond to messages that claim to be your bank but come from different or unlisted numbers.
- Delete texts from your bank after reading them to keep information about your account out of the wrong hands in case your phone is stolen.
- Report a lost or stolen phone to the bank and your wireless carrier.
If you're careful about what information you send and receive, communicating with your bank via text message is mostly safe. Just remember that when you put important financial information on your phone, you're turning it into a secondary wallet: Take every precaution with a phone you use for banking that you would with your wallet.
- Beam, Christopher. "How Do You Intercept a Text Message?" Slate.com. March 7, 2007. (Oct. 6, 2011) http://www.slate.com/articles/technology/technology/2007/03/how_do_you_intercept_a_text_message.html
- Federal Bureau of Investigation. "Smishing and Vishing and Other Cyber Scams to Watch Out for This Holiday Season." Nov. 24, 2010 (Oct. 11, 2011) http://www.fbi.gov/news/stories/2010/november/cyber_112410/cyber_112410
- Kitten, Tracy. "Mobile Banking: How Secure Is It?" Sept. 7, 2010 (Oct. 9, 2011) http://www.cunatechnologycouncil.org/news/3814.html
- Saranow Schultz, Jennifer. "Banking by Text Message." New York Times. Feb. 25, 2010. (Oct. 13, 2011) http://bucks.blogs.nytimes.com/2010/02/25/banking-by-text-message/
- Susquehanna Bancshares, Inc. "Frequently Asked Questions About Mobile Text Banking." (Oct. 11, 2011) http://www.susquehanna.net/PersonalBanking/OnlineServices/MobileTextBankingFAQs.aspx
- Zetter, Kim. "Hacker Spoofs Cell Phone Tower to Intercept Calls." Wired. July 31, 2010. (Oct. 13, 2011) http://www.wired.com/threatlevel/2010/07/intercepting-cell-phone-calls/