Call it banking's Pogo moment: We have met the enemy and he is us.

“The weakest link in the online and mobile banking security chain is the end user,” said Mike Moir, an executive with security firm Entrust.

The key insight: as much as credit union IT security personnel need to keep aware of what cyber-crooks are cooking up, they also need to stay well aware of what members may be doing to (unwittingly) undermine their own security and safety.

The core reality is that, right now, “there is more security with a mobile device than a desktop computer,” said Terrence Spies, chief technology officer at Voltage Security. “There is not much controversy about that.”

That comes as a surprise to many – fears about mobile security always rate high among the reasons people say they do not do mobile banking. But the reality is that mobile devices on the chief operating systems – Apple's iOS and Google's Android – are architected in ways that make the traditional cyber-crook gambits impossible.

Nobody thinks this era of safety will long persist. The consensus among security experts is that it is “just a matter of time before fraudsters throw their considerable resources after mobile banking,” said Steve Santorelli, a cyber security expert with research firm Team Cymru.

Until then, however, we exist in an era of comparative safety – except to the degree we the users undermine ourselves.

One problem: “People don't always see that there even could be any risks especially with mobile. It is just a phone, isn't it?” said Moir, who added that the computing power of today's smartphones usually is much greater than the power of the computers users went online with for the first time in the mid-1990s. But because some see it as “just a phone,” they don't begin to take precautions.

Call that the background to proliferating member errors – errors smart credit unions need to anticipate and, to the extent they can, safeguard against.

Here are the top five:

Using passwords that are just too easy to guess.

Just about every security expert points to this because surveys find that still among the most popular passwords are, you guessed it, password or 123456. Some email and etailer sites reject this kind of password as too weak but, in general, said the experts, financial institutions are reluctant to raise barriers to member use of mobile banking and if that means swallowing poor passwords, so be it. But those same experts suggested credit unions would do members a favor by urging them to use tougher passwords.

Re-using widely used passwords.

That is a key error pinpointed by Entrust executive Mike Byrnes. It's human nature to try to maximize use of secret codes – thus necessitating less memorization – but it can be dangerous. Byrnes said he saw little harm in using the same password for, say, Twitter and Facebook – but do not also use it at a critical site such as banking. The recent LinkedIn password hack illustrated why.

Not re-setting phones to original factory settings when discarding or selling.

Said Geoff Webb, director of product marketing at data protection company Credant: “Users should re-set their phone to factory initial settings before even considering selling, recycling or donating their device. The biggest concern is that, obviously, personal information will be left on the phone and accessible to whoever subsequently owns it. However, people should also think carefully about the things that the phone has access to.”

Incidentally, this is easy to do with most phones. On an iPhone, for instance, click SETTINGS, GENERAL, RESET, ERASE ALL CONTENT. In a few clicks data is deleted. The process is as simple on Android and BlackBerry.

Downloading apps from unverified sources.

The app may say XYZ Credit Union but don't think about downloading it unless it's via a link on the credit union's website or from a well-known app store such as Apple's, Amazon's or Google's Play.

All manner of mischief may have been added into an otherwise official app that is available from third-party sites.

Big banks, said the security experts, devote substantial staff resources to hunting for such illicit apps. The risks are just as real for smaller credit unions and that is why many experts suggest regularly warning members to use only approved apps from major download locations.

Clicking on unknown links in email.

Security experts say there is a paradox. Most computer users by now have grown wary of clicking on unknown links in email on their desktop or laptop. But when that same email arrives on a mobile device – with its tiny screen which may make it harder to attempt to read the full URL address – we just may click away.

Phishing scams targeting mobile phone users are already epidemic and are on a steep rate of increase, according to the security experts. Bogus emails – masquerading as alerts from financial institutions, for instance – keep growing in numbers and lately, said the experts, more of us are again clicking on links from mobile devices.

And when crooks are given a member's user name and password by the member, their job gets very easy indeed.

Bottom Line: Mobile banking security is strong but member education can keep it strong, said Q2ebanking executive Jay McLaughlin. “Members must play a part in being the solution. That is what we are starting to advise our credit union customers.”

© 2024 ALM Global, LLC, All Rights Reserved. Request academic re-use from www.copyright.com. All other uses, submit a request to [email protected]. For more information visit Asset & Logo Licensing.