Perhaps the biggest risk is also the reason why mobile banking is so popular — mobile devices are easy to carry around everywhere we go. They can contain everything from passwords to contact lists to our calendar appointments. Information like that can be dangerous if your mobile device falls into the wrong hands.
While there aren’t as many examples of malware out in the mobile device market as there are on traditional PCs, the fact remains that mobile devices are just specialized computers. That means it’s possible for someone to design an app that could try to access your information. One way this could happen is if the app hides a keylogger.
Many banks now offer official applications in smartphone and tablet app stores. In general, these apps tend to be more secure than sending information by SMS message or e-mail. Most banks go to great lengths to make sure any information sent across a network by an app is encrypted.
Make sure your bank sanctions the app before you download and install it. Most banks will include a section on their Web sites to let you know about the official app. Once you’ve verified the app is official, it shouldn’t be difficult to download and install to your device.
Many mobile devices allow you to connect to different types of networks, including Wi-Fi networks. You might be tempted to check your balance or make some transfers while you grab a quick drink at a coffee shop. But before you log into your account, make sure you’re not connected to the public network.
Public connections aren’t very secure — most places that offer a public Wi-Fi hotspot warn users not to share sensitive information over the network. If you need to access your account information, you may want to switch to another network. If you’re using a smartphone or other cellular device, disabling the Wi-Fi and switching to a cellular network is a good solution. You never know who might be listening in over the public network.
You may have heard the term phishing. Phishing refers to the practice of tricking someone into revealing private information. Fishing and phishing are similar concepts — there’s bait involved with both. With a phishing scheme, that bait might be as simple as a text message or e-mail. It may be as complex as a fake Web site designed to mimic your bank’s official site, which is called spoofing.
You should never follow a banking link sent to you in a text message or e-mail. These links could potentially lead you to a spoofed Web site. If you enter your information into such a site, you’ve just handed that data over to thieves. It’s always a good idea to navigate to a Web site directly. Enter your bank’s Web address into your phone and bookmark it. This will help you avoid bogus Web sites.
On a related note, you should never send your account information or password via text message or e-mail. It’s a common phishing scheme to send out bogus requests for such information. Don’t fall for it!