Is your banking application secure?

Mobile banking security

Mobile banking security is important to customers and banks alike. Customers want to be sure that their data and, most of all, their money are safe when using mobile applications. For banks, mobile security is equally important: even if a data leak or loss of money is the customer's own fault, the bank's reputation can be irreparably damaged. How can you protect yourself against hacking attacks, and how do banks in different parts of the world protect their customer data? Fortunately, this is becoming easier as banks introduce more and more advanced solutions. You, too, can increase the security of mobile banking by following a few simple rules when using banking applications.

Attacks in the era of mobile banking

You can increase the security of mobile banking by protecting yourself against hacking attacks. This is not only the responsibility of banks, but yours as well. Even the most secure banking application will not protect your money effectively if you carelessly pass on your account details to hackers.

So, know your enemy and check which attacks banking applications are most often exposed to:

  • Text messages with fake links – this is a very popular method of data scamming called phishing. Hackers send messages to their "victims", e.g. asking them to install a mobile application update by following a link. The link, of course, leads to a virus that can infect your smartphone with a program that eavesdrops on you and thus obtains various data about you.
  • Fake QR codes – the codes can also contain dangerous links, which put a banking application at risk.
  • Exploiting vulnerabilities in software – you have no influence on which software your bank uses, but you can increase security on your side by updating the applications you use for mobile banking.
  • Emails with data extortion – hackers, pretending to be bank employees, often send emails asking for additional data needed to use an application. Of course, this is a fraud attempt, because banks never ask for sensitive data to be sent by text message or email. Another form of fraud is false billing that requires a mobile payment, which makes it easy to attack your banking application.

Mobile banking security at global banks

Banks use many methods to improve the security of mobile banking. The first is a two-step security system, i.e. the account must be verified first when logging in and then again when confirming a transaction. Banks also use a security image, i.e. displaying a specific image when the customer uses the website. This is to protect customers from fake websites and make banking applications more secure. Apart from taking care of software security, banks all over the world increasingly employ threat specialists, so-called threat hunters. According to many studies, they are able to track down as many as 90 percent of attacks and quickly solve problems, but most of all prevent them. In order to strengthen the security of mobile banking, banks also share their experiences with organizations that deal with cyber security.

Employee training is another extremely important element that enhances the security of mobile banking. The weakest link in digital security is still a human being. A poorly trained employee may unknowingly expose a bank to the risk of losing customer money. That is why hacker attacks are often directed not at software or customers, but at bank employees. Hackers pretend to be institutions or individuals and try to extort data from those employees. That is why the world's largest banks spend considerable sums of money on training their employees in mobile security.

Banking application security – informing customers

Banking protection policies stipulate informing customers about potential threats they may face online while using banking applications. Banks most often give their customers the following advice:

  • Download a banking application only from trusted sources, such as the App Store or Google Play. It is vital, though, to make sure that the app belongs to your bank. Do not search for applications via Google, as Google may refer you to viruses.
  • Change your password and update the software on your mobile phone regularly
  • Do not open suspicious emails, especially the attachments they contain
  • Do not open a banking application while using an open Wi-Fi network or on a device you do not know
  • Do not store any data related to the use of a banking application on your phone
  • Set daily and monthly transaction limits
  • Disable automatic updates from unknown sources on your phone

Global mobile banking security standards

Now you can use your banking systems even more securely in Europe, as PSD2, which applies to all payment services, comes into force and banks need to adapt their systems to its requirements.

What does it mean in practice?

In practice, this means using even more detailed authentication. Two out of three verification methods should be used for verification. The first one is a password or code, but one that only the customer can know at that moment, e.g. contained in a text message. The second one is assigning a specific mobile device or card to a given user. The third, and relatively new, method of verification is biometric security, i.e. fingerprint or face recognition. Such changes are already being introduced by more and more banks. Such measures make impersonating customers, or effective use of their data, much less likely. They require multi-level verification, which usually can be done only by the account owner.

Comarch Cyber Security
