Posted 2 days ago

How safe are mobile phone banking apps?

There is an article on a Facebook group for my area where a lady had her phone stolen and her bank account was emptied.

I have heard numerous stories similar to this over the last year or so where phones have been stolen and bank accounts emptied.

So how safe are mobile phone banking apps?

I now have two mobile phones, one where I do my online banking, but I never take it out the house. Another "cheap" phone and cheap sim where I do NO mobile banking which I DO take out the house.

I know this is a bit paranoid but I don't want to risk having my phone hacked and my bank account emptied.

Example article here:

newmoneyreview.com/ind…es/

41 Comments

  1. bigwheels's avatar
    I’ve edited my text so it only shows a text has arrived. No other info.
    Plus you need to sim lock the sim.
    Or the sim can be taken out of the phone and put in a new one and they can get access.
    On Android go to Setting Notifications, Lock Screen, Format, show notifications but hide content.
  2. MonkeyMan90's avatar
    Banking apps are very safe. You either have to put your login details or use biometrics (fingerprint). I think there's more to the story than being told because somebody can't just take your phone and wipe your bank.
  3. RoosterNo1's avatar
    It's not the banking apps that are the issue here, it's the human factor.
    You must secure your phone access... Even then you could be err, persuaded to give access!
    As for the apps themselves, they are as secure as secure gets.
  4. bozo007's avatar
    In most cases like this, the human user is usually the weakest link. Far too many people keep their phones unlocked / have weak passwords / weak PIN, etc.
    slimy31's avatar
  5. Pájaro's avatar
    One of the problems that don't seem to have been mentioned here is that phones don't just represent a single attack vector, but several. So -

    1. There's access to your phone via security holes (which can be a danger with older devices that no longer receive security updates) or malware

    2. Access to your phone's contents, either via an exploit to circumvent PINs / fingerprints / slide patterns, or there not being a suitable one set. Locks aren't as strong as you might think - I hacked my manager's phone (we're friends, it's okay) by following his finger grease pattern, my mate's 10yo (he's a little turd) hacked my phone by videoing me putting my 6-digit code in, in slow-mo, and following my steps.

    3. Access to your texts. Lots of phones, by default, will show the content of a text on a lock screen (or on a companion device, like a paired smartwatch), making it easy to get OTP codes. This is something that should obviously be disabled.

    4. Access to your SIM. If I steal your phone, I can bin the phone, keep the SIM, and put it into a new device. I can now receive texts sent to you, again giving me access to your OTPs. Some banks (and telecoms companies) also take the number of an inbound call to be unconfirmed ID for an inbound caller, and there's an extra danger there because the extra info they tend to ask for tends to be stuff kept near or alongside phones. A SIM lock can help mitigate this.

    Personally, what I do is similar to what you're already doing, which is run two phones, using the second phone as my online banking phone, keeping it as locked down as possible, and also having it populated with a SIM which carries a number that's basically irrelevant to all my online banking stuff. The primary phone's locked down too, but that's all I can do, really. The rest is down to the bank's anti-fraud, which can be of varying quality.
  6. FrampyStinkwonkel's avatar
    Facebook Post....says it all
    guilbert53's avatar
    Author
    Sorry, but I am a little confused by your comment,

    I looked at Facebook on my Windows desktop PC not on my mobile phone so I am not sure how this affects my banking apps.

    I am very interested in beefing up the security on my mobile phone and my desktop PC so could you explain your concern about Facebook?

    Thanks
  7. Misslovely's avatar
    So you have a password on your phone? If you do why do you leave it home unless you live in the slums area.
    And phones have Face ID these days, so do banks so when I pay for goods the transaction banks asks for my Face ID before paying.
    Bbqueue's avatar
    🤦🏻
  8. eset12345's avatar
    The only way you'd have your account emptied is if you've stored your login details on your phone, or if someone has chopped your finger off to use the fingerprint scanner, and even then you'll normally have to enter your password to set up new payees.
    slimy31's avatar
    See the article I posted above, no need to remove fingers to get past a stolen phone's fingerprint scanner. As for new payees, for my account I just need to reapply my fingerprint, no passwords are involved.
  9. Deedie's avatar
    Half the people in my area use 1967 as their pin for their phone. The other half use 1690. So if you ever find a locked phone in the west of Scotland, good chance you can unlock it very easily. Probably bank cards have the same pin.
    mutley1's avatar
    a lot of people use their year of birth as their PIN, so if their bag is stolen and there is a driving licence or ID in there with this information, hey bingo for the thief

    or someone who knows them steals the phone or discreetly borrows it!
  10. m4rmite's avatar
    Facebook and security don't go in the same sentence.
    nopartylikeansclubparty's avatar
    Apparently Facebook and insta are moving to P2P
  11. slimy31's avatar
    I do agree with your approach. The mobile phone has now become a gateway to your whole life. Two factor authentication is a great idea, but when the 2FA text message comes through to your phone and appears on your lock screen, you don't even need access to your phone to get in.

    But as the article shows, some are better than others. I knew some were weak, I didn't appreciate how weak.
  12. steve1221's avatar
    An important point here is, NEVER keep your bank card with the phone. If they have both, they have a good chance of getting into the bank acc.
    Denney_Masters's avatar
    I hate those phone cases that have your bank card photo ID and everything in the case too.
  13. moneybanks14's avatar
    Been using banking apps since they were first in beta.. Starling bank account holder since they first started more or less. Incredibly secure. I have fingerprint access and passcode access.

    Lock screen is set to not show sensitive content so for banks I will get a notification but it won't show anything until I unlock my device.

    It's always doubled up on authentication now. Love what banks have been doing these last few years to keep your money secure
  14. guilbert53's avatar
    Author
    Thanks for all the useful replies so far.

    I have worked in computers for most of my life (at IBM) and I am now retired but still interested in computers and technology.

    I had no idea about some of the suggestions on here like "lock your sim" or options like "show notifications but hide content" so I will research them.

    As I am interested in technology I have been alarmed over the last few years at the rise in scams in all their various forms and I do try to make my computer and phone as secure as I can (but looks like I have a lot to learn).

    Seems we have now made available to the public these very complex mobile devices yet many people (like me) have no idea of the various settings that can make your phone even more secure.

    If someone can list, in simple terms (or point me to a web site) that details these settings I will pass the info on to my family and friends.

    Thanks again for all the help.
  15. mutley1's avatar
    it is safe as long as you lock your phone with fingerprint and secure PIN that no one can work out. without the phone being unlocked, they can't access your bank app, and when you log into the bank app, it needs fingerprint (if you have set it up on the bank app) or bank app PIN number. if you want to be really secure, then have a different PIN for the phone and the bank app.

    also you should set up findmyphone to wipe data remotely when it is lost as well as locate it, so you can remove everything on the phone if it is stolen or is lost via your laptop/pc so there is nothing for the thief to steal.
  16. bobogago's avatar
    my phone has face unlock disabled and lock screen message content hidden when out of the house.
    mutley1's avatar
    face lock isn't secure. for that reason i don't use it on my phone as I have banking apps on there. i use fingerprint but the most secure is the PIN number.