Bank customers use mobile applications more and more frequently. They are an extremely convenient way of using one's account. Unfortunately, the development of mobile technologies brings a range of threats, primarily cyber attacks. What should you take into consideration to avoid losing money or having sensitive data stolen?
We eagerly use mobile applications when paying bills or doing the shopping. To protect us, banks introduce safeguards that minimise the risk of a cyber attack, e.g. SMS codes, transaction limits, identification mechanisms or automatic session timeout after a period of user inactivity. But can all these measures protect us from theft? It turns out that the problem is much more complex: we can expose ourselves to a cyber attack by downloading applications from unknown sources or by downloading software from a link included in a text message or email. Phishing is one of the popular methods of stealing data, which in the case of mobile banking involves capturing the confidential data used for logging in and authorising transfers. This is a simple route to theft: with login credentials for the system, money can be transferred from the bank to any account. So how do you protect yourself from cyber attacks?
Remember that mobile devices should also have antivirus software installed, and that it must be regularly updated. Applications downloaded to a smartphone or tablet should come from a verified and legal source. Banking applications must not be downloaded from suspicious links. They ought to be downloaded exclusively from official stores: App Store (for iOS), Google Play (for Android), Windows Phone Store or Windows Store (for Windows systems). Moreover, after using mobile banking services you should log out immediately and not leave your smartphone unattended.
For your own safety you should set strong passwords, with separate ones for banking applications and for your phone. Otherwise, when a mobile device is stolen and a hacker cracks one password, the other one won't be a problem for them. Banks offer access to the application via, for instance, fingerprint authorisation, which seems to be a safe solution. Avoid using a publicly available Wi-Fi network when making transactions.
Banks do not ask their clients to download additional applications, e.g. in the form of e-security certificates, via emails or text messages. They do not ask clients to provide confidential data either. Make sure that a given message has actually been sent by the bank. This is particularly important for executed transactions. We frequently confirm a transfer right away; however, it is worth checking that the amount and bank account number match those entered on the transaction service website. One of the methods used by cyber criminals is stealing logins and passwords from users of mobile devices. They can do it, for example, by means of a false email from a bank containing an infected attachment. Even apparently harmless offers or messages sent via email can lead to a virus being downloaded onto a mobile device.
Push notifications are a much safer solution. With them, we can voluntarily receive messages about current bank operations or the statuses of banking transactions. It suffices to activate push notifications in a banking app on the mobile device. They can be easily enabled by visiting the bank's website and opting in to receive customised messages. Importantly, push notifications do not require providing an email address or telephone number.