About 10 percent of U.S. households engage in mobile banking. But some security experts say mobile banking apps are not secure enough to protect critical information.
About 10 percent of U.S. households engage in mobile banking. But some security experts say mobile banking apps are not secure enough to protect critical information. David Clark/iStockphoto.com
April Carson hasn't been inside a bank for five years.
She says she takes care of all of her banking needs wherever she wants using her mobile phone. Sometimes that means banking during her daily Metro commute in the Washington, D.C., area.
Back in the 1970s, ATMs inspired fear and awe. Suddenly, you could do your banking 24 hours a day. But was it really safe? These days, new concerns are surfacing about banking by smart phone. As more customers bank by phone, security experts warn that more criminals will try to steal by phone.
As Carson sips her cappuccino at a coffee shop, she opens her bank's app on her iPhone and taps in the password.
"You know, that is one pain — like [a] minor pain — sometimes my fingers are too big so I put in the wrong password," she says.
Carson unfolds a check to deposit, takes a photo of it with her phone and then uploads the image to her bank.
Increasing Mobile Features For Banking Customers
About 10 percent of U.S. households engage in mobile banking now, according to Nielsen, a market research firm. Only a handful of banks allow people to make mobile deposits. But most banks offer some mobile features.
When Cardinal Bank in Virginia rolled out its mobile website three years ago, many customers were leery, says Alice Frazier, the bank's chief operating officer. "Now, it's an expected service when people come to bank with us," she says.
Today, just under 10 percent of customers use the mobile site to check balances or transfer funds. Frazier says it's just as safe as using a desktop computer.
"What you need to know is that no customer information is saved on the phone," she says. "It goes away when the transaction is complete."
But that's not always the case with the downloadable apps put out by banks, says mobile security expert Andrew Hoog.
"When people, let's say, in my family and friends' groups say, 'Well, should we use this mobile banking app on our cell phone?' I'm fairly skeptical of it," he says. "I certainly don't do it."
Many Banking Apps Fail A Security Test
Hoog is the co-founder of a company called viaForensics, which recently tested six of the most popular banking apps for potential weaknesses.
Only one app passed the test.
Some, like Wells Fargo's Android app, stored critical information on the phone in plain text.
"We were able to come in and find your username," Hoog says. "We were able to find your password. We were able to find out all of the different information about your bank account, about who you were buying services from, who you were paying [and] what your mortgage was costing."
Wells Fargo and other banks responded quickly with fixes, but Hoog worries that rapidly changing technology means developers put speed ahead of security.
Inside the banking industry, security experts are less skeptical.
"I have begun to use mobile banking myself, yes," says Paul Smocer, who is in charge of technology at The Financial Services Roundtable, a banking trade group.
"We haven't seen a whole lot of malicious software yet," he says. "Part of that relates to the fact that there are so many different manufacturers and operating systems in the mobile world. But part of it, I think, is also to do with the fact that this is a relatively new environment, and unfortunately, crime follows growth."
Moving Toward Using A Facial Or Fingerprint ID System
But Smocer says new technology could eventually make banking by cell phone safer than banking online or at an ATM.
"Facial biometrics is something we're looking at as an industry," he says.
That means using the phone's camera to verify who is trying to access an account. Cell phones of the future could also use fingerprints to check identity.
In the meantime, Smocer has some simple advice for mobile bankers: Treat your phone like you would a credit card.
"My phone is now much more than a phone," he says. "It is an enabled device that allows me to do financial transactions."
In other words, don't lose it.