Online banking can be a fast and convenient way to carry out financial transactions. It is important to protect yourself online, including your personal and financial details, against scammers. Taking the following steps will help to protect you when banking online. Never give out your personal, credit card or online account details: Never respond to emails or phone calls from someone claiming to be your bank and asking for account details. Genuine banks or financial institutions never do this. This is what scammers do to steal your identity and your money. If this happens: Phishing scams are a popular method used to gain your financial details. Scammers send emails or SMS messages that appear to be from your bank, a financial institution or an online payment service. They usually claim that there is a problem with your account and request that you verify your details on a fake but convincing copy of the bank’s website. Card skimming is the copying of information from the magnetic strip of a credit card or ATM card. Scammers skim your card by putting a discreet attachment on an ATM or EFTPOS machine. They may even install a camera to capture your pin. Once your card is skimmed, scammers can create copies and make charges to your account. Credit card scammers aim to steal your credit card details either by taking the card or by tricking you into giving your card’s details. Immediately cancel lost or stolen credit cards and beware of card-not-present fraud, where scammers use your details to pay for things online or over the phone. Keep a close eye on your credit card statements to help you pick this up if it happens. Banking and credit card scams
Online shopping
Even before the COVID-19 lockdowns, mobile banking was taking off. Thirty-three percent of bank customers were using a mobile app before the pandemic, according to a survey conducted for the American Bankers Association. Today, 44 percent of bank customers use a mobile app.
But is mobile banking truly safe? Bank fraud is popular with identity thieves, who steal personal credentials, usually for financial gain.
Is mobile banking safe?
Cybersecurity experts say mobile banking is safe, but urge consumers to take certain precautions.
“If you download the mobile app from a secure store, that is just as safe as visiting a bank branch,” says Paul Benda, senior vice president for operational risk and cybersecurity at American Bankers Association.
Benda says the safest place to download a mobile banking app is from your bank’s website.
“Banks use extremely secure, high-end encryption technologies,” Benda says. “We like saying that mobile apps are like having a bank branch in your pocket.”
Watch out for these types of cyberattacks
There are myriad ways that fraudsters target consumers. but the the FBI cites two forms of cyberattacks in particular:
1. App-based banking Trojans
These are hidden in unrelated apps such as games or tools that are downloaded by unsuspecting bank customers. These “sideload” apps, which are downloaded from unofficial sources, might conceal malware that is dormant until a user launches a legitimate banking app. Then the Trojan creates a pop-up overlay that mimics the bank’s login page. When customers enter their username and password, they are seamlessly directed to the legitimate banking app login page, with no idea that they have been scammed.
“The malware can be downloaded in a variety of ways, such as SMS (short message service, or text) with a malicious hyperlink,” says Teresa Walsh, global head of intelligence at Financial Services Information Sharing and Analysis Center (FS-ISAC), which mitigates cyber threats in financial services. “This type of malware is actually on sale on the criminal underground marketplace.”
2. Fake banking apps
These apps impersonate the real mobile apps of banks and are designed to trick users into entering their login credentials. The FBI say it is “one of the fastest growing sectors of smartphone-based fraud.”
Should you use a mobile banking app?
If you’re worried about using a mobile banking app, be aware that security threats exist everywhere, including inside the bank lobby.
“There is the risk that the bank employee will do something that is illegal, like stealing your banking information; this is known as an insider threat,” says Donald Korinchak of CyberExperts.com.
With a mobile app, “there are potential vulnerabilities related to the security posture of the app itself – vulnerabilities in code, encryption methods, et cetera – and also potential vulnerabilities related to the transmission of information,” he says.
“In both scenarios, the bank invests heavily to ‘bake in’ security,” Korinchak says. Financial institutions monitor their employees’ behavior and also look for vulnerabilities in their app that can be patched before they are exploited by criminals.
There are also precautions you can take to reduce the risk.
How to protect yourself against mobile banking fraud
1. Download a verified banking app from your bank’s website.
Many banks feature links to the app stores from their websites to help you download the right app. “Your bank should have available information on what type of mobile app they use, what features are on it and what you need for access to it,” FS-ISAC’s Walsh says. “Then, use a reliable app store, paying attention to the owner/developer of the app and whether there are other apps with the same name.”
Talk to your bank to make sure, but never download an app found on an open forum.
2. Make sure your bank uses two-factor or multi-factor authentication.
Two-factor or multi-factor authentication requires bank customers to prove their identity when logging in to accounts by providing at least two pieces of authenticating information. This is usually a password or PIN as well as a confirmation code sent via text message to their cellphone.
Two-factor authentication vastly increases security, Korinchak says, but isn’t 100 percent secure. “Someone could gain access to your phone or someone could intercept the SMS traffic to gain access to the code,” he says
3. Use a strong password.
One of the best ways to protect yourself is to use a password that contains random upper and lower case letters, numbers and symbols. Don’t ask your browser to remember it for you either; use a reputable password manager instead.
“Reputable password managers are coded in a way that reduces risk to the user and are highly hardened against potential attackers,” Korinchak says. “Most cyber security experts recommend password manager software.”
4. Avoid using public Wi-fi.
When you log on to a public Wi-fi hotspot, you often get a warning that you’re not on a secure network, and that others may be able to watch your online actions. That’s a strong reason not to conduct any financial business using a public network. Instead, use your cellular network or your home wi-fi to better protect your personal information.
5. Get smart about phishing and smishing.
Phishing emails often look legitimate, like they really are from your bank or credit card issuer. But ID thieves use them to trick people into divulging personal information, and they may contain malware.
Smishing is the same tactic, but conducted through text messages.
“Users should be familiar with their banking application in the first place to detect abnormal questions or pop-ups that look slightly different than the usual features,” Walsh says.
6. Set up alerts via email, text or the bank’s app.
A quick notification from your bank about transactions on your account can help you detect potential fraudulent activity. You can then address the matter with your bank in a timely manner.
How banks protect customers from cyber threats
Banks, credit unions and investment firms invest heavily to shield themselves against cyber attacks.
“I think it’s safe to say banks spend billions to protect customer accounts,” says ABA’s Benda. “Due to Regulation E, they’re on the hook if there’s an attack.”
Regulation E limits consumer liability to $50 if an unauthorized electronic funds transfer is caught by a customer within two business days, and up to $500 if caught outside the two-day window. Financial institutions are responsible for everything above that amount.
“Banks have very robust controls in place to control fraudulent activity,” says Benda. “A lot depends on consumer behavior, making sure consumers follow safe practices.”
Bottom line
Banks spend a lot of time and money to protect their digital operations (including mobile apps) and their customers from theft and fraud. Customers have to do their part too to best guard against attacks by practicing safe mobile banking habits.