Mobile Banking. Is It safe?

Mobile banking security in the US and all over the world.

Mobile banking (also referred to as m-banking, phone banking, SMS banking, etc.) means conducting account transactions via a mobile phone. For banks, mobile banking has become the most promising medium of reaching out to their customers because of the ability to provide services at any time or place in the world (of course, if there is cell phone reception). That’s why news headlines weekly report about new financial institutions launching mobile banking.

According to statistics, nearly 70% of Americans use a mobile phone, and the demographics of mobile phones users are much more diverse than that of Internet users. That’s why m-banking, or mobile banking, is so popular in the U.S. It opens up new opportunities for financial institutions interested in providing their services and attracting new customers.

Using comprehensive mobile technology, financial institutions can offer a wide array of different services to their customers. The basic options include bill payments, balance inquiries and transfers among accounts owned by the same person. However, many banks offer more sophisticated solutions, such as getting bank statements, receiving minimum balance alerts or even performing stock trading.

Mobile banking provides exceptional convenience for all cell phone users. There are various m-banking methods to cover different capabilities of mobile phones: text messaging, the mobile Internet, and special programs called “clients” that are downloaded to mobile devices. So even if your phone does not support Web browsing, you can still take advantage of m-banking.

Text messaging is the most popular method of mobile banking. However, its functionality is limited to two or three services. Web browser-based solutions are more sophisticated than text messaging and provide the same range of options as online banking. M-banking clients, generally created for smartphones, are the most comprehensive systems. They provide a fabulous combination of speed and functionality.

Is mobile banking safe?

The experts are very optimistic about the future perspectives of mobile banking. They think that it will grow much faster than online banking. Carrying a cell phone is much easier than carrying a laptop!

Mobile banking is generally considered safer than online banking. The main threats to online security, such as viruses, Trojans or other data-stealing software don't exist for cell phones. So the risk of being infected on a mobile phone is minimal in comparison with a PC.

The main type of scam that mobile banking users should avoid is called "Smishing." It is a variation of the e-mail phishing scam. Smishing occurs when a person posing as a financial institution sends a text message requesting personal information or a social security number. You will be asked either to click a website URL or to call a phone number that connects to automated voice response system.

The smishing message usually contains information that will definitely capture your attention. For example, you will receive a notice that you have been subscribed to a paid site, and you need to click a link to cancel this subscription. Or the thieves can write that your account has been suspended and you need to reactivate it by making a call.

The link will redirect you to a legitimate looking website where you will be asked to enter your SSN, credit card number, PIN, email address, etc. If you need to make a call, you will be connected with a legitimate sounding automated voice response system which will ask for the same pieces of information.

M-banking rules and regulations

With the rapid development of mobile banking, users have faced a very serious problem: there are no specific laws concerning this industry. The lawyers just can’t follow the pace at which mobile banking is developing.

Banks need to take into consideration regulatory and security issues involved with implementing mobile solutions. First of all, it concerns third-party vendors (such as software developers, telecommunications companies, etc.). Some of them may not have any experience handling personal financial information.

There are just a few states that require vendors providing services to a bank and its customers to license as money services businesses. That’s why it is necessary for financial institutions to evaluate the risks associated with outsourcing mobile solutions to a vendor. Banks can implement a system that will help them evaluate vendor’s capability to provide such services.
Nowadays consumer privacy is regulated under the Gramm-Leach-Bliley Act, or GLBA, and the USA PATRIOT Act.

GLBA includes several acts intended to protect the consumer information from threats in security and data integrity:

• The Financial Privacy Rule controls the collection and disclosure of customer information by financial institutions and companies who receive such information. This law requires providing each consumer with a privacy notice explaining what information is collected about the consumer, where that information is shared, how that information is used, and how that information is protected.

• The Safeguards Rule obliges all financial institutions to create, impose and maintain safety measures to protect customer information. This rule applies to financial institutions that gather information as well as financial institutions that receive information from other organizations.
The companies should develop a written information security plan describing how the company is protecting consumer privacy. This rule forces financial institutions to take a closer look at how they manage private information and to analyze possible risks.

The USA PATRIOT Act, also known as the "Patriot Act", lets law enforcement agencies search financial records, telephone and e-mail communications in order to freeze terrorist funding. This act also gives the Secretary of the Treasury more authority to regulate financial transactions of foreigners.

So even though mobile banking data is encrypted, it is necessary to impose privacy requirements on vendors, because some of them might not fall within statutory requirements to keep all customer information confidential.

Mobile banking in the world

M-banking is popular not only in the U.S., but also all around the world. The reason can vary from country to country. For example, in Europe people use m-banking because the level of mobile phone penetration is very high (at least 80% of consumers use a mobile phone).

In Asian countries like India, Bangladesh, China, Indonesia, Korea and Philippines mobile infrastructure is better than the fixed-line infrastructure. M-banking can be performed by people with moderate and low income because it does not require a PC with an Internet connection (it is not a big obstacle if for people in the US and the European countries). In Latin America countries like Paraguay, Brazil, Uruguay, Venezuela, Colombia, Argentina, Guatemala and Mexico m-banking has a great success due to the same reason.

However, similar to the US, these countries do not have separate laws concerning m-banking. This industry is typically regulated by guidelines describing the banking transactions and handling personal financial information. For example, in India only the banks that have a physical presence may offer mobile payment services. Only India rupee services should be provided.