A rock climber clinging precariously to the side of a cliff gets a text alert on her cell phone that her checking account balance is low. She quickly transfers funds to avoid an overdraft, then resumes her ascent.
A husband and wife on a road trip suddenly remember they forgot to send their car payment before they left home. No problem -- the wife, sitting in the passenger seat, zaps it off from her handset as they zoom down the highway.
Judging from these TV commercials, using a cell phone to check your bank balance, transfer money and pay bills seems like a no-brainer, so easy and convenient that anyone who doesn't do it must be some kind of Luddite. More than 3 million people used mobile banking last year, up a remarkable tenfold from a year earlier, according to ABI Research, a technology market research firm. And that trajectory is likely to continue.
If you're not yet using your phone to check your balance, pay your bills or move money from account to account, you will soon. "There's little doubt that the era of mobile banking is coming," says Mark Schwanhausser, an analyst at Javelin Strategy and Research in Pleasanton, Calif.
That begs the question: How safe is it?
With all the tech-savvy crooks and identity thieves lurking about, is it really a good idea to have your precious financial information floating around the airwaves or residing on a piece of gear that you could easily lose? According to a recent Javelin study, security, or the lack thereof, is the No. 1 fear among potential mobile banking customers.
The good news is that the fear is so far worse than the reality, thanks in part to the financial industry's heavy investment in security technology. Among other things, "all information transmitted between servers and the mobile device is encrypted as with regular online banking," says Steve Furman, Discover Card's director of e-business. As a result, "the likelihood (of fraud) is no greater than using your desktop browser," he says.
Discover, like many banks and credit card companies, promises to cover 100% of a customer's mobile fraud losses. Other banking institutions, such as Bank of America, offer zero liability as long as customers report any fraudulent transactions within 60 days and have not violated other protection rules.
Mobile banking comes in three different flavors. Most banks emphasize one method or a combination of them.
SMS: Short messaging service, or SMS, works with just about any cell phone sold in recent years. Basically, it involves you and the bank exchanging text messages like infatuated teenagers. Once you have registered your phone with the bank, you can ask the institution to send you a text alert when, say, your checking balance drops to a specific level or when your credit card is approaching its limit.
You can also request your current balance by sending the bank a message code, like BAL, and get a quick response. By sending various codes, you can learn what checks have cleared recently or move funds to a linked credit card. Because the bank will accept instructions only from your phone, you don't have to worry about someone impersonating you unless you lose or loan your phone.
Be aware that some scammers send SMS messages purportedly from your bank, requesting your personal identification number, account number or other information. Any such request for information is almost certainly fraudulent. To make it easier to determine at a glance that text messages from your bank are authentic, add the bank's short code to your contact list under the bank's name.
Mobile Web: This method uses an Internet browser to access your bank's or credit card issuer's Web site, just like you would do from your home or office computer. Many cell phones still don't have a built-in mobile browser, and many people haven't subscribed to a cellular data service. But that's changing with the popularity of Apple's iPhone and other smart phones equipped with QWERTY keyboards and bigger screens. Some financial institutions, including Bank of America and Discover Card, have created special Web pages formatted for mobile screens.
Mobile browsers are theoretically susceptible to the same kind of security risks as a home or office computer. In reality, they are probably somewhat safer at the moment because creators of password-pilfering viruses and Trojan horses haven't yet fully focused on the mobile market. Of course, mobile Web users are as susceptible as anyone else to the phishing scams and spoofed Web sites that try to trick users into disclosing passwords and other personal data.
The best way to protect yourself is to exercise the same level of computing safety you do at home or work. Avoid following links in e-mails purportedly sent by your bank, especially those that require you to enter passwords or other confidential information. Instead, use your browser bar to enter your bank's Web address. Better yet, save the Web link to your bank's login page as a bookmark to avoid the possibility of mistyping the URL.
Client applications: Client application programs, which can be downloaded and installed on smart phones, link you directly with your bank's computers. Financial institutions such as Bank of America and Citibank have developed applications for the exclusive use of their customers. Others are provided by third parties such as AT&T and can be used to access accounts at many banks.
Although they can require a bit of effort to install, client applications are popular because they're often faster than logging in to a bank Web site, and their user interfaces can be simpler to navigate on a small screen.
Theoretically, at least, proprietary applications are highly secure because they are designed to work with a bank's own security algorithms. And because they don't use Web browsers, these applications are resistant to phishing scams. The downside is that some programs can store sensitive information on the phone itself and can allow the user to remain logged in for extended periods. This can be hazardous if a lost phone ends up in the wrong hands. If you use such an application, disable these options if possible. To minimize the risk of obtaining a rogue application, download the program from a trusted source, such as the bank itself, or a reliable vendor, such as iTunes.
No matter what kind of mobile banking method you use, reduce fraud and protect your money by following a few common-sense precautions:
- Set the phone to require a password to power on the handset or awake it from sleep mode.
- Whether you're using the mobile Web or a mobile client, don't let it automatically log you in to your bank account. Otherwise, if your phone is lost or stolen, someone will have free access to your money.
- Avoid sharing your password, account number, PIN, answers to secret questions or other such information. Don't save this information anywhere on your handset.
- Immediately tell your bank or mobile operator if you lose your phone.
