Do's and Don'ts for Secure Mobile Banking
On my way to the office, I met an old friend on the train today. During the course of our conversation, I learnt that despite owning a smartphone, she does not carry out banking transactions through it. She doubts if her bank has made mobile transactions completely safe and is biding her time, waiting for the day when mobile banking becomes foolproof.
Most of us believe that it is the sole responsibility of financial institutions to safeguard mobile banking transactions from fraud and phishing attacks. But the truth is that customers must share that responsibility by taking proactive measures to help reduce the risk. Some basic precautions while using the mobile phone can go a long way in reducing the incidence of fraud.
We need to create complex passwords, not divulge them, and change them often to help reduce phishing attacks. Simple actions, like employing the digital locking mechanism for mobile phones when not in use, can possibly avert identity theft. We must conduct a periodic review of bank accounts to help identify unauthorized or suspicious transactions and, on spotting any, must promptly contact the financial institution. We must access online banking sites via bookmarks and not click on links in e-mails and text messages. Banking on public Wi-Fi networks is best avoided, but if that's not possible, it is advisable to disable Bluetooth and switch to the cellular network. Care should be taken to download only banks' official apps and to steer clear of apps that are not reputable.
At the slightest suspicion of foul play, it would be a good idea to wipe all personal data from the mobile device (some devices can be remotely reset to factory settings). If not, we can contact the financial institution to help deactivate its app remotely and notify the wireless carrier to have the service turned off. Mobile anti-virus apps help prevent sophisticated malware attacks that manage to breach even the most advanced security systems put in place by banks. We must also keep the OS and apps on the smartphone updated, to avoid any malicious exploitation of security holes in outdated versions.
On the other hand, financial institutions too should take the initiative to reduce fraudulent mobile transactions. Multi-factor authentication, digital signatures, One Time Password generation from a security token, use of a virtual keyboard to mask user-entered passwords and codes, a remote wipe option, PIN generation to activate the authentication mechanism, and limited storage of personal information on the device are some of the features that need to be introduced. Banks should also monitor large and potentially suspicious transactions and immediately text the relevant information to customers.
In short, financial institutions and customers must work hand-in-hand to popularize mobile banking and ensure a secure environment for its widespread use.