Is mobile/e-banking usage secure enough or too risky?

29/05/2020

It is quite similar to the question “Is traveling by airplane safe or risky?”

According to US accident statistics, the safest mode of transportation is air travel, with 0.07 fatalities per billion passenger miles, and the riskiest is motorways, with a fatality risk of 7.3 per billion passenger-miles. In other words, airlines are 105 times safer than motorways. But airplane crashes attract more media attention, which can create stress for passengers. I have started with the transportation analogy because it is quite similar to banking: the safety of digital channels is quite similar to that of airplanes. Flying somewhere is a really big convenience in terms of saving time and traveling in comfort. Moreover, contrary to our inner fears, it is the safest way to travel. But there are certain safety rules to be obeyed before and during flights, and sometimes these rules can be boring. Luggage checks, liquid restrictions, electronic device restrictions, seat belts and other rules are repeated by hostesses again and again on each flight.

We can continue to use the airplane metaphor for mobile/e-banking usage. There are certain rules that are easy to obey. If you take care to follow them, digital channels become the safest and most convenient way of doing banking. You can avoid the risk of physical robbery, other physical security risks, loss of time, the risk of coronavirus or other pandemic diseases, and even the social risk of being seen frequently in bank branches and becoming a target for friends or relatives asking for loans.

What are the rules to be followed?

  1. Don’t share your password with anyone (including card passwords)

It is the main principle of digital banking. Passwords must be known only by the user (not even by your spouse). If you share them with family members, remember that the responsibility belongs to you.

  2. Don’t lose your phone (if you lose it, take immediate action)
  • Don’t use your phone without a password. You can set a password or pattern, or you can use fingerprint, face recognition*, or iris recognition. (*Some face recognition techniques are weak and may accept photos.)
  • Never leave your phone unattended. Install an anti-theft and rescue app that can find your phone, lock it remotely and even erase your data when it is stolen. Some phones have such features by default, such as Find My iPhone.

If you have not locked your phone, it is better to close the bank application when you finish your banking transactions. Most banks apply time-out rules that close the bank application automatically anyway, but it is better to be on the safe side.

  3. You should be sure that you are using the real bank website (not a clone)

The easiest way for a fraudster is to use a lookalike website. They can use website names similar to the bank's name to steal customer data. The easiest way to prevent this risk is to use banking applications downloaded from the App Store or Google Play instead of using browsers such as Opera. Although this is not expected for applications, you should still research the developer, read reviews, and check the app rating in Google Play or the App Store before downloading any app to your phone. Poorly designed or malicious third-party apps may use your username and password to access your bank account and to empty or monitor it.
If you want to use e-banking services, you should type the bank’s website name yourself. Don’t use links that came from someone else. Banks never ask for personal data, card data etc. by e-mail, SMS or phone call. Websites of banks are secure (you can see https:// instead of http:// to the left of the bank's name).
Banks show you a security picture, which you have previously chosen, while you authenticate yourself, to assure you that you are on the real website. SMS or soft OTPs are other strong security elements.

  4. Don’t follow the links sent to you

There are many fake e-mails that send links and ask for confidential information such as your passwords, user number, mother's maiden name, card number, card PIN etc. In order to convince people, fraudsters can send e-mails that look like the bank's, and they may try to attract attention with messages such as “you won the lottery”, “you won 10.000€”, “for your security, you should update your data from the link”, “you will get a payment from public institutions” etc.
Always check the URL and domain of any link you are about to click, especially if it claims to come from your bank. If it looks suspicious, avoid it. The same is true for SMS messages or messages and links on social media. If you have given out your information by mistake, change your password immediately.
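The URL and domain checks described in the two rules above, written as a small script. This is an added example, not part of the original post or any bank's software; the domain examplebank.com and all sample links are made-up placeholders.

```python
from urllib.parse import urlsplit

# Assumption: placeholder for the bank's real domain, as printed on your card or contract.
TRUSTED_DOMAIN = "examplebank.com"

def check_link(url, trusted=TRUSTED_DOMAIN):
    """Return the reasons a link should not be trusted (empty list = checks pass)."""
    try:
        parts = urlsplit(url.strip())
        host = (parts.hostname or "").rstrip(".")
        user = parts.username
    except ValueError:
        return ["malformed URL"]
    problems = []
    if parts.scheme.lower() != "https":
        problems.append("not https")
    if user is not None:
        # In https://bank@other.host/ the real host is what follows the @.
        problems.append("text before @ is not the host")
    if not host.isascii() or any(l.startswith("xn--") for l in host.split(".")):
        problems.append("internationalized host, possible look-alike letters")
    # The real host must be the bank's domain itself or end in ".<domain>".
    if host != trusted and not host.endswith("." + trusted):
        problems.append("host is not the bank's domain")
    return problems

# Constructed sample links (none are real sites).
SAMPLES = [
    "https://www.examplebank.com/login",
    "http://www.examplebank.com/login",
    "https://examplebank.com.secure-update.example/login",
    "https://examplebank.com@login.example/",
    "https://examplebank-support.example/",
    "https://xn--exmplebank-x7a.com/",
]

if __name__ == "__main__":
    for link in SAMPLES:
        reasons = check_link(link)
        print("OK     " if not reasons else "REJECT ", link, reasons)
```

HTTPS only shows that the connection is encrypted; a clone site can have a valid certificate of its own, so the host comparison is the check that catches it.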

  5. Don’t use public Wi-Fi for your bank app

Many public Wi-Fi networks do not have basic security measures and have poor router configurations and weak passwords. Mobile banking or other activities that disclose your sensitive data should never be carried out on public Wi-Fi networks.
If a hacker monitors the public Wi-Fi or hotspot you're using, they can capture data transferred to your phone and use it to access your bank account.
If you are browsing in a library or cafe and need access to your bank account, use your cellular network (mobile data) instead. It's not perfect, but it's better than public Wi-Fi. Better still, turn on a VPN and use public Wi-Fi without the risk of compromising your personal data. A VPN encrypts your web traffic, making it extremely difficult to intercept and decipher.

  6. Use anti-virus programs

If you are using e-banking, antivirus programs will keep you secure. You can find free anti-virus programs to use. Or, if you work in an institution, you can use your company PC. IT departments generally take all necessary measures to prevent such risks for their companies, so you can benefit from your company's standards.

Which devices are more secure (iPhone or Android)?

Banking applications on iOS tend to be secure thanks to the rigorous standards of the App Store. The most vulnerable iOS systems are jailbroken systems. It is not a logical thing to do, but some Apple users choose to jailbreak, mainly to use games and the like without paying. Jailbreaking means breaking the standard settings of an iOS system so that you can change your phone in ways Apple doesn't allow. It means you have an iPhone but it is like an Android. With a jailbroken phone, you can install applications that are not authorized by Apple and also remove security protocols that Apple has integrated into the device. Jailbreaking also voids the warranty, so you can't get support from Apple when you need it most. If you are just a normal iOS user, you should never jailbreak your iPhone. Only use apps from the App Store, which are generally safe. Malware can bypass Apple's defenses once in a while, so you should always be careful, but Apple definitely catches a lot of potential threats.

The Android platform provides more flexibility to its users, leaving more security gaps than iOS systems. Minimize your risks by downloading apps only from Google Play and updating them in time.
Go to your Android settings and make sure to turn on Google Play Protect, which scans your apps for suspicious behavior. You can also use the Find My Device setting, which allows you to remotely find, ring, lock, and even erase your device. Review the apps you have downloaded and installed on your phone and delete those you don't need or use; each one represents an unnecessary potential vulnerability. Older applications may also be poorly supported or have vulnerabilities or malware. A clean and tidy Android system is likely to be a secure system.

Fatmir Shkodra
