How Secure Are Mobile Deposits?
More consumers are banking from their smartphones, but how secure are these transactions?
A report published by the Federal Reserve in March 2014 shows that in 2013, 33 percent of American adults with a cell phone used it for mobile banking, an increase of 5 percent from the year prior. The study also notes that of those cell phone users who had not accessed mobile banking, 12 percent expected to try it within the next year.
Despite its wide adoption, the study also shows that 69 percent of the cell phone users not accessing mobile banking cited security concerns as their reason why. With so many consumers using mobile banking already, are these worries justified?
The safety of mobile banking
"Users should always be wary when using technology that deals with their information," says Luis Corrons, technical director of PandaLabs, the malware research lab at Panda Security.
A newer element of mobile banking is mobile deposits, where a user sends a photo of a check through the mobile application in order to credit it to an account. Some users are wary of how this information is protected, where the photos are stored, and whether the app is safe from hacking attacks.
"We assume that companies developing these apps take a minimum number of security measures, such as encrypting all the traffic sent by the app," says Corrons. "However, there is no way for an average user to verify this."
The secure design of smartphone operating systems makes it difficult for an attacker to break into an app and steal information, but according to Corrons, there are still risks—many of them stemming from the behavior of the smartphone user.
"[The user] can be fooled into installing a fake app that passes as if it were a legitimate app," he says. For example, at the recent Usenix Cybersecurity conference, a fake app was able to intercept photos of checks as they were being sent through a mobile banking app.
If you plan to use mobile deposits, take the time to educate yourself on the app you are going to use before downloading it. Reading the reviews and user agreements can help you avoid downloading a potentially harmful app.
How your information is protected
Chris Taylor, general manager for the payments group at financial technology firm Fiserv, agrees that the user shares some of the responsibility in keeping mobile deposits safe.
"Consumers should take great care in protecting their logons and passwords," he says.
If your phone is lost, your password could be the only thing standing between a fraudster and your bank account. For this reason, you should maintain a unique password for both your phone and your mobile banking app.
According to Taylor, mobile deposits are as secure as any other way to deposit a check. Photos of checks taken using the mobile banking app are never stored on the device, and they are encrypted while they travel from your phone to the bank for verification.
Four ways to help protect your personal information
Mobile banking and deposits can help you manage your money on the go, but they may also require that you pay extra attention in order to help keep your accounts safe.
Here are four tips to help you practice safer habits with mobile banking and deposits.
1. Use a secure network.
"My recommendation is to use these apps only when you are connected to a safe network or via your mobile data plan," says Corrons. This means avoiding public WiFi and other unfamiliar networks when accessing your financial accounts through a device. While the phone and app can be secure, fraudsters can actually set up networks that appear to be legitimate for the purpose of identity theft.
2. Dispose of your checks after depositing them.
Once you make a mobile deposit, you'll still have the paper check. You should either mark it as deposited, similar to how you would void a check, or shred it. Many banks suggest keeping the check until you are sure it has been deposited into your account, then disposing of it properly. If obtained by a fraudster, a check that has been deposited via mobile could possibly be cashed at a bank in a scam known as "duplicating."
3. Don't download apps you don't fully trust.
Just as in the case from the Usenix conference, third-party apps can pose threats to the information stored on your phone. By only downloading apps from recognized online stores, such as Apple's App Store or Google Play, you can read comments and reviews of apps and be more confident in their level of security.
4. Consider a malware protection program.
You may want to consider installing anti-virus software on your smartphone to act as an extra layer of security. Services such as Lookout can alert you to malware threats as well as help to retrieve your phone if it is lost or stolen.
In order to better protect yourself and your financial information, try to keep in mind how valuable the information on your smartphone is to a fraudster. The more sensitive the transactions you conduct using your smartphone, the more protective you should be.