Some friends have expressed concern about online and mobile banking, given recent reports about cyberspace shenanigans, including the “hijacking” of my Facebook page.
Robert McGarvey, writing for MainStreet on MSN Money, addresses some questions on the safety of using mobile banking applications (apps).
Among his most important recommendations to make mobile banking safer is for people to set up a four-digit PIN or personal identification number (some gadgets, I found out, let the user choose between a PIN and a password) that locks the phone or tablet when not in use. “Fail to do that, and anybody can pick up your device and start clicking away. Create a PIN and that is a big protection,” he writes.
McGarvey says the PIN can be created in the “Settings” folder. In iOS, which Apple uses, “setting a PIN also activates data encryption, which means that even if a thief were to find a way into the phone, he would be confronted with indecipherable gibberish.”
Data encryption requires a separate step for Android-powered devices, he says. “Under ‘Settings,’ click ‘Security and Screen Lock,’ then data encryption.
No ‘jailbreaking’
“Don’t even think about jailbreaking an iPhone or rooting an Android,” McGarvey says. While doing so lets the user break free of restrictions of iOS or Android on what apps may be downloaded—which might be fun—jailbreaking, he says, nullifies many built-in protections in iOS and Android.
McGarvey quotes Domingo Guerra, president of Appthority, an app risk management firm: “The bigger problem, especially on the Apple side: a jailbroken phone can download apps from anywhere, not just the Apple App Store, where security checks on uploaded apps are rigorous. Download from anywhere, and that ups the possibility of encountering a counterfeit app, and we are seeing more of those.”
McGarvey says, “For Android users, the advice is to download only from the official Google Play store or from Amazon’s Appstore where, say developers, inspections rival Apple’s in rigor.”
In suggesting that people become more security conscious in using today’s smartphones and tablets, McGarvey says, “Mobile banking is the financial sector’s fastest-growing channel, with many experts predicting that this year it will eclipse online banking in volume.”
He stresses that, while banking apps may be a major convenience, they come with risks, hence the need to make sure sensitive data are secure.
“Praetorian, a security firm, said in its report that eight of 10 mobile banking apps contain security weaknesses. IOActive Labs Research claimed in its report that 90 percent of iOS financial services apps contain grievous flaws that put users at risk,” he says.
He says Dennis Fisher, security expert at Kaspersky Lab, which probes Internet vulnerabilities, suggests that consumers weigh convenience offered by banking apps against potential risks.
McGarvey adds that Terence Kam, founder of consulting firm eStrategyPro.com, has observed, “No matter how unsafe mobile banking apps are, they are still safer than banking through the web browser in your PC/Mac. Mobile devices’ operating systems are much more secure than PC/Mac operating systems because the latter is based on code design written decades ago, when security and connectivity were not issues. Mobile device OS are designed to make it extremely difficult to tinker (in Apple’s iOS, it is designed to make tinkering impossible), which means it is extremely difficult for malware to subvert the OS in order to steal information.”
Send letters to The Consumer, Lifestyle Section, Philippine Daily Inquirer, 1098 Chino Roces Ave. cor. Mascardo and Yague Sts., 1204 Makati City; fax 8974793/94; or e-mail [email protected].