Don't Be Afraid of Mobile Banking Apps

By Tim Matthews, Symantec@banktech

(Excerpts from article appearing in Bank Systems and Technology web site, September 5, 2012)

Most users want easier and more convenient access to their bank accounts, but they are not aware of how safe it is to use a mobile banking app. In reality, banking via a mobile app is as safe as walking into a bank and interacting directly with a teller, and it is actually much more secure than banking through a browser on a personal computer. Why? Because banks can control the security on an app much easier than through a browser.

When customers use their browser to do their banking, they leave themselves open to malware and man-in-the-middle attacks. As we've seen in recent bank breaches, hackers can gain valuable information about users' bank login credentials, even their two-factor authentication credentials in some cases, by keylogging and stepping in between a user and his or her bank's website. Even when a bank has strong security, if users' computers are infected with malware or a virus, they may be vulnerable to attack. This same threat is also possible on mobile browsers.

Mobile apps, on the other hand, provide a direct link from the device to the bank, without having to go through any additional browser or third-party application. This means banks have much better control over the security and connection of customer interactions. Because these apps are built specifically for a particular bank and its customers, the bank can provide a secure connection using SSL encryption and two-factor authentication that meets the institution's unique needs.

A consumer may ask: "What if someone gets a hold of my phone? Can't they then access my account?" Even if someone is able to obtain a customer's phone, they will still be required to put in a username and password, and if available, provide a second factor of authentication, in order to gain access to the accounts.

Tim Matthews is senior director of product marketing for Symantec's information protection team. He is responsible for setting product positioning and marketing strategy for data loss prevention, authentication and encryption solutions protecting hard disks, removable media, email, shared files and other critical data.