Copyright ©2011 NPR. For personal, noncommercial use only. See Terms of Use. For other uses, prior permission required.

MICHELE NORRIS, host:

Not only can you update your Facebook status on your smartphone, you can also manage your bank account. But security experts warn that as more people bank by phone, more criminals can steal by phone.

Jacob Fenston has the story.

JACOB FENSTON: April Carson hasn't been inside a bank for five years. She says she can do everything she needs to on her mobile phone, wherever she is.

Ms. APRIL CARSON: On the Metro, commuting to and from work.

FENSTON: Today she's at a coffee shop. As she sips her cappuccino, she opens her bank's app on her iPhone and taps in the password.

Ms. CARSON: You know, that is one pain, like, minor pain - sometimes my fingers are too big and so I put in the wrong password.

FENSTON: She unfolds a check to deposit, holds up her phone...

(Soundbite of camera clicking)

FENSTON: Takes a photo, uploads the image to her bank.

Ms. CARSON: And, boom, you have $200 in your account.

FENSTON: About one in 10 U.S. households uses mobile banking now, according to market research firm Nielsen. Only a handful of banks let you make mobile deposits. But most offer some mobile features, even small mobile banks.

Ms. ALICE FRAZIER (Cardinal Bank): Now it's an expected service when people come to bank with us.

FENSTON: Alice Frazier with Cardinal Bank in Virginia. When her bank rolled out its mobile website, many customers were leery. Now, three years later, just under 10 percent use the mobile site to check balances or transfer funds. Frazier says it's just as safe as using your desktop PC.

Ms. FRAZIER: What you need to know is that no customer information is saved on the phone. It goes away when the transaction is complete.

FENSTON: But that's not always the case with the downloadable apps put out by banks, says mobile security expert Andrew Hoog.

Mr. ANDREW HOOG (Co-founder, viaForensics): When people, let's say, in my family and friends' groups say, well, should we use this mobile banking app on our cell phone? I'm fairly skeptical of it. I certainly don't do it.

FENSTON: Hoog runs a company called viaForensics. It recently tested six of the most popular banking apps for potential weaknesses and only one passed. Some, like Wells Fargo's Android app, stored critical information on the phone in plain text.

Mr. HOOG: We were able to come in and find your username. We were able to find your password. And we were able to find out all of the different information about your bank account, about who you were buying services from, who you were paying, what your mortgage was costing.

FENSTON: Wells Fargo and other banks responded quickly with fixes, but Hoog worries rapidly changing technology means developers put speed ahead of security. Inside the banking industry, security experts are less skeptical.

Mr. PAUL SMOCER (President, Financial Services Roundtable): I have begun to use mobile banking myself, yes.

FENSTON: Paul Smocer is in charge of technology at the banking trade group, Financial Services Roundtable.

Mr. SMOCER: We haven't seen a whole lot of malicious software yet. Part of that relates to the fact that there are so many different manufacturers and operating systems in the mobile world. But part of it, I think, is also due to the fact that this is a relatively new environment. And unfortunately, crime follows growth.

FENSTON: But, he says, new technology could eventually make banking by cell phone safer than banking online or at an ATM.

Mr. SMOCER: Facial biometrics is something that we're looking at as an industry.

FENSTON: That means using the cell phone's camera to verify who's trying to access an account. Cell phones of the future could also use fingerprints to check identity. In the meantime, Smocer has some simple advice for mobile bankers. Treat your phone like you would a credit card.

Mr. SMOCER: My phone is now much more than a phone. It is, you know, an enabled device that allows me to do financial transactions.

FENSTON: In other words, don't lose it.

For NPR News, I'm Jacob Fenston.

Copyright © 2011 NPR. All rights reserved. No quotes from the materials contained herein may be used in any media without attribution to NPR. This transcript is provided for personal, noncommercial use only, pursuant to our Terms of Use. Any other use requires NPR's prior permission. Visit our permissions page for further information.

NPR transcripts are created on a rush deadline by a contractor for NPR, and accuracy and availability may vary. This text may not be in its final form and may be updated or revised in the future. Please be aware that the authoritative record of NPR's programming is the audio.

Comments

 

Please keep your community civil. All comments must follow the NPR.org Community rules and terms of use, and will be moderated prior to posting. NPR reserves the right to use the comments we receive, in whole or in part, and to use the commenter's name and location, in any medium. See also the Terms of Use, Privacy Policy and Community FAQ.