Are mobile banking apps secure?

Date:18 December 2013 Tags:, , , , ,

Q: Our mobile banking apps are quite basic compared with those in the US, which allow cheque deposits. How secure are deposits, though?

A: When it comes to depositing cheques, the American apps function a lot like ATMs: a machine takes an image of the cheque and uses character recognition or manually entered numbers to record the amount deposited. (The phone uses its camera to image the cheque; an ATM uses a scanner.) To finalise the transaction, the bank verifies the routing and account numbers on the cheque against financial databases to make sure the cheque is legit, isn’t being deposited more than once and that the account it’s coming from has enough money.

Whether those account and routing numbers come from your phone or from an ATM doesn’t matter to the bank. What does matter is whether or not the data are collected and transmitted securely. With both phones and ATMs, those data are encrypted – even if a digital thief were able to grab information on its way from your phone to the bank’s servers, he wouldn’t be able to decode it. Plus, according to a representative from banking giant Citi, which supports mobile cheque processing through its app, not only is the information about the cheque encrypted, it is also never stored on the device itself, so you needn’t worry about images of your paycheques ending up in your Instagram feed.

Still, you should never use a mobile banking app on an open Wi-Fi network (in fact, never access any sensitive accounts over public Wi-Fi). And if you’re going to use such an app, make sure to secure your phone with a passcode – a different one from the code you use to log in to the banking app. To prevent accidentally downloading malware that could grab the information you enter into the app, only download apps from the official Google Play Store or iOS App Store; this includes, of course, the banking app itself, which can be trusted only if it’s created by your bank. Finally, the FDIC recommends staying away from SMS-based mobile banking because text messages can’t be encrypted.

If your phone doesn’t run apps, stick with brick-and-mortar or traditional computer transactions.