Mobile Banking and what you need to know!

Tens of millions of consumers today are still afraid to log into their virus laden PCs and most consumers believe the mobile channel is far less secure. Though threats do exist for the mobile channel, it is a fact that mobile is more secure than the online channel. It will take time to educate the market. But if they can be convinced the opposite is true, many will say goodbye to online banking and be willing to adopt mobile services as their go-to channel.

One of the biggest barriers to consumers adopting Mobile Financial Services is fear of security threats. Most consumers are afraid that their mobile device may be “hijacked”; some fear their sensitive information may be intercepted as it travels across a wireless network; and still others worry about the consequences if their mobile phone is lost or stolen. With most mobile devices lacking the personal firewall, anti-virus software and other protections common today on personal computers, these devices can be vulnerable to a variety of security threats, including:

• Malware: A term for “malicious software” that is inserted into a system, usually covertly, with the intent of compromising the confidentiality, integrity or availability of the victim’s data, applications or operating system, or otherwise annoying or disrupting the victim
• Phishing: Luring unsuspecting customers to provide sensitive personal information or downloading malware through an email. Popular scams including phishing emails that appear to be coming from a FI and contain a link to a spoofed website; the site tricks victims into logging in using their personal credentials, which are then captured by the criminal.
• SmiShing: A contraction of “SMS and phishing”, in which criminals pose as a FI and use SMS in an attempt to gain access to confidential account information. The typical scam informs the mobile device owner that the person’s account was compromised or credit/ATM card was deactivated. The victim is directed to call a phone number or visit a spoofed website to reactivate the card. Once at the website or through an automated phone system, the victim is asked for card, Pass code and/or account numbers.
• Vishing: A contraction of “voice and phishing”, in which victims are tricked into disclosing sensitive personal information through a phone call or voice response unit (VRU).

Security Tips

Customer education is a critical aspect of any sound security approach. A knowledgeable customer is less likely to be ensnared by phishing or other attempts at fraudulent activity. Similarly, a financial institution may eschew the use of a method that may be used in phishing scenarios. For example, customers have been trained not to click on links in e-mails that purport to come from financial institutions. Similarly, users can also benefit from the following best practices:

• Modify the phone's settings so that only messages from authorized numbers are allowed.
• Add the bank’s short code and customer service phone number to your contacts and only initiate SMS and phone calls from your contact list. Do not reply to SMS messages that do not exist in your contact list.
• Do not click on links in SMS messages unless you initiated the SMS conversation with your bank.
• Do not call phone numbers not in your contact list. If you are unsure about a phone number, you may text “Help” to your bank’s short code and compare the phone numbers. Only call the numbers in your Help response or in your contact list to avoid Vishing
• Bookmark the bank’s mobile web site and only use this bookmark to access the site to avoid phishing.
• Avoid using unsecured, public WiFi networks to access financial accounts with mobile devices.
• Always use your cellular network when conducting mobile financial services.
• Only download apps from stores, such as Apple & Android, (no independent third parties) that are submitted and branded by the bank. Or download the app, for Blackberry as an example, from the branded Web Mobile Banking solution’s menu that has been authenticated and activated by the user during enrollment and accessed through the bookmark.
• Finally, know that the bank will not ask users to provide confidential information over an email or SMS message.