Banking by smartphone can be risky
Source: Eve Mitchell
J.T. Pierce's bank is right next to his Foster City workplace. But he hardly ever visits the branch, since he uses online banking to take care of most of his banking needs.
"I've been banking online since college," said the 26-year-old San Francisco resident. "As soon as I was able to open an account online, I pretty much jumped on it. The No. 1 reason is convenience."
But while he likes the convenience, he takes the time to change his password every few months.
Such precautions, which also include installing security software to protect against viruses, spyware and malware, have become second nature for many people who bank online on a computer. But people often are not as protective when using smartphones for online banking.
Of course, no matter how careful a consumer is, hackers can still compromise online security. You have to look no further than the data breach earlier this month at the mybart.gov website that exposed the passwords and other personal information of more than 2,400 BART riders. Sony's PlayStation website was also hacked earlier this year.
Such break-ins are all the more reason that security experts stress the importance of not using the same password to access different websites.
"Unfortunately, many people do that," said Jon Fox, consumer advocate for CALPIRG, a San Francisco-based consumer group. "You put everything at risk. So having different passwords for different websites is common-sense advice."
Online banking is becoming more and more popular with consumers as a way to check statements and pay bills. Two out of three consumers surveyed said they had an online banking session in the last seven days, said a report released in July by Pleasanton-based Javelin Strategy & Research.
Security software that can protect against viruses, spyware and malware should be part of online banking security measures, whether you are using a computer or smartphone for online banking, experts advise.
"Most instances of banking fraud are not due to the bank's technology being compromised, but to people unwittingly giving out their personal information to criminals via phishing scams and copycat sites, or their computers being infected with malware," said Dave Marcus, director of security research at McAfee Labs, an arm of the Santa Clara-based maker of security software products.
Fox said people today are more aware of the risks of using their computers. But he adds that many are not aware that "their smartphones are essentially small computers and that they take the same risks. Similar precautions taken on your computer should also be used on your smartphone."
While security products that protect computers have been around for years, mobile security software products have just started to roll out. Less than one out of 20 mobile phone users worldwide have security software installed in them, according to Juniper Research.
"Companies that provide (security) software for computer threats are now recognizing that mobile apps and mobile technology is increasingly an environment open to risks," said Fox.
Here are a few tips from him and others:
Consumers should only download mobile banking apps from trusted sites. Also, make sure a password and auto-lock feature is enabled on a mobile phone. That way, if it is stolen or lost, it will be harder to access.
Whether you are using a computer or smartphone to bank online, make sure the website is secure, advised Marcus of McAfee Labs. Look for an address that starts with "https" instead of just http. "When you see that "s" in there it means that the banking session is encrypted,'' Marcus said.
Don't respond to emails asking for financial or personal information, said Joe Ridout, spokesman for San Francisco-based Consumer Action.
"Don't click through an email that purports to direct you to your bank's website because it could be an impostor and some of the imposter bank sites are very clever and can be very convincing," he said.
Consider signing up for an online bill-paying service with your bank instead of having a lot of different companies pulling money electronically out of your checking account to pay bills.
"We would recommend that consumers not allow different companies to pull money out of your bank account. Instead, set up an automatic bill payment at your bank's website and initiate transactions that essentially push the money out to different entities," Ridout said.
You've probably heard the advice to use a symbol and lower and upper case when setting up a password. Marcus offers different perspective.
Think about using a pass phrase instead of just a password. "What that means is that you can use a song lyric. You can use a line from a book," he said. "The more letters there are the more difficult it is to crack."
| }
|