10 Mobile Banking Safety Tips
Breaches and the identity theft that flows from them have become the third and fourth certainties in life. Phishing, spear phishing, pharming (the creation of clone sites to gather information from unsuspecting consumers) and persistent attacks on financial services sites have made navigating the online world far more treacherous than ever before. Credit unions are in an excellent position to help their members tiptoe through this cyber minefield.
Here are 10 tips credit unions, their employees and members can use to stay safe when banking online or on a mobile device.
1. Use strong passwords and don’t share them.
It doesn’t take long for hackers to decipher passwords that are extremely short or overly obvious (a member’s birthday or anniversary, for example). Rather than relying on a birth date or phone number as a password (or PASSWORD as a password), members should be encouraged to use difficult or not-easily-guessed passwords. Passwords should be at least eight characters long and include a mix of letters, numbers, special characters, punctuation and upper and lowercase. They should never be shared among financial, social networking and email sites. In addition, financial institutions should employ multifactor authentication for added security.
2. Change passwords regularly.
With recent revelations about the global risks of the Heartbleed bug and the resulting potential for widespread password vulnerabilities, changing old passwords is more important than ever. Unfortunately, many security glitches aren’t as widely reported, making password integrity something members don’t think about but should. Remember to encourage members to change important passwords quarterly (and more often if they can manage it).
3. Install robust antivirus software.
This is one of the easiest tools members can use to better protect themselves when conducting financial transactions online. The software should be updated frequently and should also include a web or online security component (some versions don’t). With the rise in mobile device use, remind members to protect their smartphones, tablets, and laptops, too.
4. Avoid clicking on email links.
Email is often the flytrap of choice for scammers who send out fake links designed to lure consumers to corrupt sites. Reinforce the message that members should never click on links in a suspicious email. When in doubt, they should type the URL directly into their browser window, or do a quick online search to check the URL’s validity. Phishing emails can take many forms, but some of the most effective are those that appear to be from your credit union and ask members to enter their account number or personal data. Let members know your organization (or any government agency for that matter) will never ask for sensitive information via email.
5. Confirm website authenticity.
Thieves love to use sleight of hand in the online world. They set up websites that look legit but are really just a front for their scam. Remind members to check the address bar to be sure the banking website they’re visiting is genuine. Not only should the site’s name be correct, it’s also best to look for “https” at the beginning of the address to confirm the presence of secure data protocols. It is important to advise members that if anything about your banking site doesn’t look right, they should avoid it and immediately report it to the credit union.
6. Use extra caution when surfing on public Wi-Fi networks.
The wireless signal at Starbucks or McDonald’s is convenient, but it’s just one more layer consumers need to scrutinize. Hackers often spoof network IDs to lure in unsuspecting users and steal the data that transits through. When in doubt, members should either opt for a home or corporate Wi-Fi network to conduct their online banking or use the cellular network (typically a more secure solution) on their mobile device.
7. Be wary of downloads.
Sites commonly offer information for download — product descriptions, location maps, signup forms, contest entries, menus, etc. — but members should be careful where they receive their content. Malware-laden files often masquerade as legitimate items, infecting the user’s computer or mobile device and potentially stealing sensitive data or compromising the security of online activities.
8. Limit sensitive data stored on computers and mobile devices.
One of the best ways to foil online thieves is to deny them access to the valuable information they seek. That means members should remove sensitive data — passwords, account codes, etc. — from their smartphones and tablets on a regular basis, preferably after each banking session. And for extra protection, they should never save User ID’s or passwords. When it comes to financial services, convenience must never trump security.
9. Check accounts and credit reports regularly.
No matter how careful members are, it is a near certainty some of their accounts will be compromised and/or they will become victims of identity theft. Therefore, it is imperative they monitor their credit reports, check their bank and credit card accounts frequently and enroll in the free transactional monitoring programs typically offered by credit unions. Early detection of a compromise can help to prevent an annoyance from becoming a nightmare.
10. And finally, credit unions must work with members to build a culture of security, through open communication and ongoing education.
It’s difficult for the average consumer to stay current on the latest online threats whereas credit unions often have internal teams who already focus on those types of risks. The more information that’s available to members regarding threats and risk avoidance, the better they’ll be able to conduct their online banking in a safe, secure way.
Adam Levin is founder and chairman of IDT911 and Credit.com. He can be reached at 480-355-8500 or firstname.lastname@example.org.