Expert Take banner over a phone with a login screen

Nowadays, you can deposit checks over your morning coffee, check your account balance during your lunch break, or make a cashless transfer to a roommate for the monthly electric bill. These mobile banking capabilities are certainly convenient, but you may be wondering: Do they put your financial information at risk?

With so many people doing their banking via their phone, the subject of mobile banking security is incredibly relevant. In our increasingly wireless and interconnected world, you can never be too safe with your financial information. Most mobile (and digital, in general) banking attacks happen through social engineering — when users are manipulated to give up their usernames and passwords to hackers, scammers, and other cybercriminals. These techniques range from malware links, phishing websites, phone calls, and more.

Here at Ally, as an online-only bank, one of my team’s top priorities is remaining diligent about protecting your personal information and keeping you informed on how you can stay secure. In addition to staying up to date on the latest cybersecurity threats, we’ve compiled this quick index of mobile cybersecurity tips that will have you ever ready and smartly prepared to keep things under lock and key out there in the mobile banking wild.

Security tip #1: Your Wi-Fi network matters.

Hackers exploit the vulnerabilities of public Wi-Fi. If you’re on a shared Wi-Fi network, your information is in more jeopardy than on your home network. Most of these networks, like those at coffee shops, libraries, and gyms, lack necessary security measures, have poor router configurations, and typically weak passwords.

We strongly advise against mobile banking or conducting any other activity that involves sensitive data on a public Wi-Fi network. If a would-be hacker is lurking on the network, they can more easily intercept the data transfer to and from your phone and use your credentials to access your bank account.

If you’re out and about and need to access your mobile banking account, use your cellular network instead. It’s not foolproof, but it’s much more secure.

Related: How to Secure Your Wireless Network

Security tip #2: Your bank’s official app and your mobile browser are not equally secure.

Use your bank or financial institution’s official mobile banking app instead of your phone’s pre-installed web browser. These applications put everyday banking and investing tools at your fingertips in a fast — and safer — fashion that’s likely much more secure than mobile browsers’ data authentications and security algorithms. Simply put: Apps leverage security measures available on the smartphones and tablets for which they’re built.

And be sure to always download the latest version of your mobile banking app. We consistently upgrade the Ally Mobile Banking app (available via the Apple Store and Google Store) to improve your experience and load it with the latest security firmware updates and protections against sneaky hackers and new malware.

On a similar note, be wary of third parties that aggregate all of your financial data in one place, as they generally need the login credentials for all of your accounts to do this.

Security tip #3: Keep your phone close.

Would-be thieves would like nothing better than access to your mobile phone, a device with all of your critical personal and financial items, so treat it with care and attention. You can counter “shoulder surfers” by refraining from conducting mobile banking in the open or near others with potentially prying eyes. If you do need to mobile bank in public, keep your phone close to your chest.

You may wonder, “What if I lose my phone? Will its finder be able to get into my bank accounts?” It’s important to act quickly when you realize your phone is missing and may have been stolen. Many phones have remote locking capabilities (like “Find My iPhone” for iOS and “Find My Device” for Android) that you’ll want to activate to help prevent someone from accessing your phone. You might consider erasing your phone remotely, too, if your device has that capability.

Another step to take is to call your cellular network, your insurance company, and your financial institutions to alert them to the theft. You can also change your account passwords and monitor your accounts to look out for fraudulent activity.

Investigate what’s available for your specific device and make sure to enable these theft prevention implementations.

Security tip #4: Strong passwords make a difference.

Implement a numerical key code to unlock your phone (and do better than four identical digits or 1, 2, 3, 4). While most mobile banking apps, like ours, require authentication, it’s always good to add this additional layer of insurance.

Moreover, use meaty and varied passwords for your accounts. Data demonstrates that two out of three consumers use one password for all of their online accounts. Avoid being part of this statistic by shaking things up.

Related: How to Create Secure Passwords

Security tip #5: Don’t respond to suspicious emails, texts, or phone calls.

Even if the call or message appears to come from Ally or your financial institution, if you feel at all suspicious, don’t answer or message back. Instead, go to the financial institution’s website and look up their contact information. And, while it may sound over-the-top, scan for grammar errors within the body copy of texts and emails, and double-check all hyperlinks for irregularities — all of these can be signs of a scammer at work.

Related: A Roundup of Our Best Tips to Help Protect You From Cybercriminals

Security tip #6: Keep your phone number on file for authentication codes.

You don’t want financial institutions and other organizations to send one-time password codes to your email address, because it’s more likely that a hacker could have access to your account. Instead, maintain an extra level of security by opting to receive authentication codes via text on your phone.

Security tip #7: Sign up for fraud alerts from your bank or financial institution.

Most banks, including Ally, allow you to set up suspicious activity alerts online or through their mobile app. In the unlikely case that a fraudster does gain access to your mobile accounts, you will receive an alert via email or text immediately informing you of any dubious transactions, including large withdrawals, account closure, and new check orders. You can also receive alerts on credit and debit card activity.

Learn how to sign up for text alerts from Ally here.

A Rise in Social Media Scams

Recently, we’ve seen a rise in scams that originate on social media. For instance, on a broad level, a fraudster might send a Facebook message or place an ad on Instagram about a money-making opportunity. The victim, thinking it’s a legitimate offer to make some easy money, will click the ad or message the fraudster back. From there, the fraudster might ask for the victim’s banking credentials in order to deposit paychecks, and the victim, to whom this might seem like a regular onboarding experience, might comply. The fraudster is then free to make withdrawals from the victim’s account.

With these types of incidents, the victim is often responsible for any monetary losses.  So, never share your online credentials, PINs, or debt card details, and do not open a bank account when someone you don’t know asks you to. Stay vigilant and informed to avoid this type of trending scheme — an important thing to remember is that if an offer seems too good to be true, it probably is.

Related: 4 Coronavirus Scams and How to Avoid Them

Continue banking on your phone.

Is mobile banking safe? Absolutely. But as more transactions take place on mobile devices, it’s more crucial than ever to keep your financial information protected. Follow these seven security suggestions, and you’ll be better prepared to stay safe while mobile banking.

Want more cybersecurity tips to help keep you safe?

Check out our security center.


 
Speech bubble icon next to text "Expert Take"

Headshot of Keith GordonKeith Gordon is the Chief Information Security Officer at Ally Financial, responsible for establishing and maintaining the enterprise vision, strategy, and programming to ensure information assets and technologies are adequately protected. Keith has a broad background in cybersecurity intelligence, as well as technology risk, security, and fraud. Before joining Ally, Keith held numerous leadership roles in information technology and risk management at Bank of America and Capital One.

Keith is passionate about the evolution of cybersecurity in the financial industry and speaks frequently at national and local industry events, including Bloomberg’s CIO Summit and the UNCC Cybersecurity Symposium. He currently serves on the cybersecurity advisory board at Montreat College and UNC Charlotte, as well as on the boards of Sheltered Harbor, Imperva’s Customer Advisory Council, and HMG Strategy.