Monday, December 26, 2016

3 Easy Steps for Safer Mobile Banking

Making Mobile Banking More Secure


By Robert McGarvey


Many of us still resist mobile banking due to fears about security. A survey by IDC found that 36% of us do not currently use mobile banking apps, with 74% saying it’s because of security worries.


Of course this is rooted in irrationality. The reality is that mobile banking is much safer than online banking on a Windows computer where Zeus continues to be an expensive nuisance.


But there also are very real - and multiplying - mobile threats as cyber crooks follow the money.


Definitely, there now are potent malware strains for mobile, especially on Android - but realistically there are easy steps credit unions and their members should take to insure member mobile banking security.  


This is a fight credit unions are positioned to win against the big banks. The latter lumber through technology initiatives, a necessary consequence of so many customers and so much patched together technology.  


Credit union leanness is a plus. It also is easier to persuade members that we are all in this together, that is, these steps are for your own good. So take them.


Three steps can put credit unions and members in a safer place. None is hard. Or expensive.


First step: download apps only from official apps stores, such as Google Play, Amazon, and the Apple Apps store.  Nowhere else. That’s an easy vow for iPhone users to keep - their ability to download elsewhere is constrained.  Android users have more latitude but they shouldn’t use it.  The primary source of contaminated apps is downloads from third party sites.


Every credit union should continually preach that cautionary counsel to its members.

Be adamant about teaching this. It's probably the single most important safety step any of us can take.


Second step: initiate a biometric sign in tool, such as Touch ID.  Signing into my credit union, Affinity in north Jersey, no longer involves a password. I use my Touch ID fingerprint and am in.  


This is volitional at Affinity but I jumped on it as soon as I saw it.


Every credit union should do likewise and my advice is to also offer Android biometrics too.


Third step: Implement a second factor authentication. My log ins to Amazon involve a text message sent to a cellphone.


Ditto for my log ins to Google.


And now Yahoo.


Does this chew up a half minute or so? Yep.


But in a world of cyber theft these, to me, are seconds worth spending on increased security.  


There’s a reason for my steps: we need, finally, to move beyond the shallow security provided by a username and password. That just is not good enough,


Ask security experts what they expect to see more of in 2017 and a threat many point to is automation of sophisticated attacks that will let comparative amateurs mount slick assaults.  

Either way we will see more - and better - attacks on mobile banking and that means consumers need reassurances that they will be safe using the technology.


By now, we all also know that there are literally billions of logins - usernames and passwords - for sale in criminal cyber bazaars.  Many of them probably still work.


Even security questions - really - have become a joke.  Either the questions are so simple, anybody can come up with the right answer - what’s your high school mascot?


Or the questions are so hard even the user is likely to get the answer wrong.  What was your favorite song in 12th grade?


The solution is to focus in on an ad hoc, user guided security and that means be mindful of what you download, deploy simple biometrics and use multi factor.


Credit unions need to get the jump on banks in offering these tools to members, to reduce both theft but also fears of theft.


Personally I follow all three.  


And I rarely use online banking - a fourth step I’d recommend to the security concerned.