NCSAM: Mobile Banking Apps - How Secure Are They?

Banking apps installed on your mobile devices (smartphone, tablet, etc.) allow you to quickly access your bank account to check your balance, pay bills, deposit a check, transfer money, secure a loan, and receive notifications such as exceeding a spending limit or notice of overdraft.

Constant access and convenience top the list of reasons for using a mobile banking app. According to Bank of America’s Trends in Consumer Mobility Report, three in five people have used a mobile banking app; 83% of these people access their app at least once a week; and 29% of folks checking their banking app(s) on a daily basis.

Unfortunately, the ease and convenience of mobile banking apps come with risks that can affect your personal and financial information. Although most banks will protect you with refunds if your account is compromised, you are encouraged to read the mobile applications fine print and determine the level of liability your bank will assume.

What can you do to protect yourself when conducting mobile banking?
  • Download the app from your bank’s website. The app, once installed, should require you to login with the credentials you have established through your bank each time you access the app. If the bank provides two-factor authentication for the app, use it.
  • Always log out when you have completed your tasks.
  • Enable only those app functions that you use. Disable all other functions.
  • Use a PIN, fingerprint, or strong password to protect access to your mobile device.
  • Always be aware of your surroundings. "Shoulder surfing" is a practice of looking over your shoulder to catch your PIN or login credentials.
  • Do not conduct mobile banking transactions using public WiFi. Public WiFi networks ­– such as those found in coffee shops, shopping malls, hotels, and airports – often send information in clear text, which is easy to capture and read. Only use a secure wireless network or your cellular carrier’s network.
  • Install all security patches and updates for your device’s operating system and apps. The patches and updates provide a layer of protection for you and your information, and keep the operating systems and apps working in an optimal fashion.
  • Install, enable, and update anti-virus software on your device. Click here for a list of free anti-virus apps developed for mobile devices.
  • Do not download apps from websites or those sent through email or text messages. These apps may contain malware that can infect your device and steal your information. To be safe, use your devices app download service. Do your research before downloading and read the reviews.
  • Uninstall any apps that you no longer need or use.
  • When providing personal information to apps that you use, submit only necessary information and consider how you are going to use it. For privileges and permissions, consider the necessity of having to provide your location, contacts list, or other information that you may have stored on your device. When you enable these functions, the apps are “always listening” for changes, which affects your level of privacy.
  • Know where your device is at all times. Activate the “find my phone” feature on your device. If you misplace or lose your phone, you can quickly locate it with this feature (provided it is still powered on).
  • If your phone is lost or stolen, report it immediately to your cellular carrier and your mobile payments provider. They have the capability of locking the phone. If stolen, file a police report.
  • Set up account alerts to inform you when a withdrawal has exceeded a threshold you have established, if an attempted login has occurred from a different device, or other changes to your account have been requested.
  • Monitor your bank account regularly. One of the strongest defenses is regular monitoring of your account. If you find suspicious activity or an unauthorized withdrawal, contact your bank immediately and, if necessary, file a policy report.
  • Think before you click. Be wary of clicking on links contained in email and text messages. Phishing attacks are designed to look like your bank, someone you know, or a firm that you do business with sent them. The links may contain malware designed to infect your device and steal your information. It is best to use a web browser and go directly to the bank’s site.

Those who conduct mobile banking state they save an average of 45 minutes a month because of the convenience. According to the Federal Trade Commission, 70% of consumers do at least some of their banking online, and 91% of those who do mobile banking prefer using the app over going to physical location. If you are a consumer of mobile banking or plan to become one in the near future, using good security standards will provide you with a greater degree of security and privacy when trying to protect your personal and financial information.

If you have any questions about cybersecurity or want to learn more about how to stay safe online, please contact University of Miami's Information Security Office (ISO) at:

Click here or on the image below to download UMIT's NCSAM poster:

Feel free to print this poster and share it with your colleagues/peers!