Mobile Security and Online Banking Best Practices

Stay Safe: Only the Official App and Website

1. The FBI’s Internet Crime Complaint Center has reported several schemes where fraudsters create fake bank apps and fake payment portals to deceive account holders. To avoid such risk, only use the official app from the native app store in your device, or the official banking website. 
2. Ensure your mobile device software and your mobile banking app are up to date. The bank works to ensure the app is protected from recent security threats, and the app routinely logs users out when sessions are idle. 
3. Activating security alerts, text or email, in your online account, and turning on mobile-app notifications in your phone settings, can provide you real-time alerts, such as updates to your balance, large purchases, or potential unauthorized use. 

Account Management Safety Strategies

The primary concern for mobile security is implementing security measures to lock down access to your accounts. The following strategies can be implemented immediately to elevate online security.

Increased Password Difficulty: Fraudsters have access to robust computer algorithms that can use your online footprint to guess passwords with any association to your personal life. 

• Creating strong, unique passwords that cannot be guessed is the easiest path to increased security for financial accounts. 
• As an additional measure, change your passwords to financial apps and accounts on a monthly or bimonthly basis, even if the institution does not require it.
• While it may be tempting and convenient, do not store passwords on a single device that can be easily found and accessed. Instead, consider incorporating a password manager into your daily practice if you need help keeping track of accounts and passcodes.

Unique Username: Just as unique passwords are vital to account security, you can further increase your account security with a unique username, instead of using your email address. 

• Remember to do this for all your financial accounts, even retirement accounts, investment accounts, third-party credit accounts, etc. 
• While multiple logins and passwords are more difficult for you, they will also be more difficult for bad actors to guess, preventing unilateral access to all your accounts. Having the same log in and password for accounts makes you vulnerable to unnecessary risk. 

Don’t Ignore TFA: Two-factor authentication (TFA), sometimes called multi-factor authentication, has become more commonplace because it increases difficulty for someone trying to steal your identity or log in to your accounts.

• TFA is a login security measure that requires a second proof of identity, other than just knowing a password—most often it’s a text or a phone call to a preset number.
• Fingerprint and facial-recognition capabilities are a more secure form of TFA, and should always be used when available. 
• For financial accounts, or accounts with other sensitive information, always opt-in or activate TFA. 

Mobile Device Security

Use the account management strategies to quickly and easily lock down all vital online accounts, and even consider using them for your mobile device as well. No robust and comprehensive security strategy for financial accounts is complete without the addition of best practices for mobile security. The following strategies can be implemented immediately to improve your mobile security.

Mobile Alerts: Remember, that in financial fraud and transactions, minutes make the difference. Check your account often, and utilize your bank card’s turn-off or lock feature, or call your banker directly, as soon as you detect unauthorized activity. 

Sync and Share Features: If you have longitudinal sharing capabilities across devices, like cloud sharing or a browser that syncs across devices, be sure all devices are secured with unique passwords. Or consider deactivating sync and share features across devices. 

Avoid Phishing, Smishing, or Account Takeover: Never open links or attachments sent via unauthorized communications, such as email, text messages, or even social media messages. 

• Always double check any suspicious requests or communications with your bank before responding to requests. 
• If you receive an unprompted text message or email thanking you for a payment, or notifying you of a pending payment, do not use links in these messages. 
• Delete the message, and double check your authorized activity in your official banking app or website to check for suspicious activity.

Final Thoughts to Keep You Safe

Each best practice you choose to implement is an added measure that complicates the efforts of bad actors and further secures your personal information and safeguards your financial assets. Being intentional about managing your personal account security is “a form of cyber hygiene, adopting small habits every day to improve the overall health and longevity of your online identity,” said Quinillo. “Because logins and passwords are such a constant part of daily life, it’s easy for it to become monotonous and mindless, but account holders should prioritize their sensitive information, especially their financial assets, by staying mindful and vigilant, and by taking extra precautions when managing their financial accounts online or on their mobile devices.”

Your community bankers at TRB can assist in keeping you safe and securing your financial assets. Always call ‘the people you know’ before you comply with a suspicious payment request or if you suspect your financial accounts may be at risk.

Helpful Links