Don't look now, but the future has arrived. These days, you can hire and pay an Uber driver from an account on your smartphone or mobile device. In select cities, you can shop for Amazon items at a retail storefront and pay by using your smartphone or mobile device without cash and without even interacting with a cashier. In beverage and food specialty storefronts, such as Starbucks and Dunkin' Donuts, you can pay by using brand-designed apps that keep your credit card or bank account information. But have these modern-day conveniences pushed the envelope too far in terms of security? Has convenience become more important than protecting your personally identifiable information (PII)? And perhaps, even more important than your PII, what happens if your checking or savings accounts get hacked and your accounts are drained of funds?
Consider your neighborhood financial institution. Years ago, you might know a teller and visit him or her on a weekly basis to cash a check. Those days are long gone. With the invention of the automated teller machine (ATM), and now being able to scan checks into your smartphone to make a deposit, there’s never a need to go into a bank. In fact, with some types of accounts, you pay a fee to do so. Once ATMs popped up at gas stations, malls, and arenas, banks started losing their purpose. This may be one reason that so many have moved into supermarkets – to make it easier to interact with bankers for loans, cashier's checks, opening and closing accounts, etc.
As technology has evolved, so have data breaches. The financial industry has been a huge target because it handles a large amount of PII including bank account holder names, account numbers, addresses, and money. Has your bank had a breach? Do you even know?
About a dozen years ago, I was the victim of identity theft. Ironically, I was alerted to the identity theft by my bank. The thief used a check from a dead account from one bank and used my signature from one of my checks. I never learned exactly how, but it’s my opinion that it was probably a back-office job. The thief then wrote a check for one amount, deposited half and withdrew the other half from my account. Example: Deposit $200 and then ask for $100 cash back. This happened twice before my bank sent me a letter asking for the identity of the account holder of the dead check. In order to prove that I did not write the bad check, I had to go into my bank and sign a document. The document was used to compare signatures, and I had to provide other identifying proof (my driver’s license) so that the bank personnel could compare signatures. About $500 total was withdrawn from my account. The bank closed the account, and I also filed a theft report with the police. I was told since the amount stolen was under $10,000, it was unlikely that this incident would be pursued.
I share my experience because, these days, identity theft is a much-too common crime. And with the explosion of mobile banking applications, users need to weigh the convenience of the apps' capabilities with the possibility of losing their data and their privacy. Remember, with convenience comes the loss of security.
For those who don’t use mobile banking, here are some capabilities that mobile banking apps offer:
- Review account balance
- Get e-statements
- Transfer funds to different accounts
- Receive mobile alerts upon receipt of direct deposits
- Pay bills – schedule single or recurring payments
- Make deposits using a smart device camera
- Locate ATM's with directions
- Use cardless ATM's – some generate a numeric code a user enters along with a pin, while others use beacons and the phone’s camera to scan a code
- Monitor credit score for free
- Schedule time with a banker without having to call a branch
- Access bank's customer service department or list of FAQs
- Send cash to other people through transfer programs, such as, Venmo or Zelle
According to Robert Barba (Twitter @Barbawire) of Bankrate.com, "The rise of technology has threatened the role that banks play in our lives. Many bank executives are worried that services like Uber could make their brands less top of mind and leave them more like plumbing. Mobile banking is an opportunity for banks to nurture those relationships by finding ways to be there when you need them. Card controls are a great example of that, but banks are exploring other approaches, like sorting through your transactions to see where you may have overpaid for an item or showing you local deals in your neighborhood." There goes a bit more of your privacy!
Apps like Rocketmortgage.com now allow you to apply for a mortgage with a few simple clicks. So why not personal loans next? For convenience, how much security are we willing to give up? Currently, there is nothing to stop a bad actor from stealing your PII and applying for a loan by app or online. Therein lies the problem. One can manipulate the system because face-to-face transactions are not required. One level of security has been removed. If a banker or a “mortgage professional” has never met you, how does he/she know you are who you say you are?
If people choose to use mobile banking apps, they should be required to use biometrics (i.e., a fingerprint, face scan, or retina scan) to log in. At the moment, all anyone needs is a password and user name. Biometrics is not a requirement. And the financial institution should be diligent in protecting user information. To quote Preston Packer from Flexcutech.com, "In this mobile and digital age where we trade our secure information freely, it's important to be able to stop the flow of our vital information on a moment's notice if something suspicious arises."
But banks should also take a closer look at the fundamentals of securing the machine identities used by banking applications. Machines talk to other machines, whether they are servers, laptops, applications or mobile devices. And we all know how important it is for those communications to be secure, particularly when it comes to mobile banking. Encryption gives users the assurance that their machine (or mobile) is communicating with the machine it should be talking to and that those communications are secure from eavesdropping. Keys and certificates are the tools that the machine uses to validate the machine identities on both sides of the communications.
Reports suggest that many people still have security-related concerns when using digital banking channels. Among mobile banking users, that’s the case for 67 percent of younger millennials, 58 percent of older millennials, 57 percent of Generation Xers and 63 percent of baby boomers, according to a study by Julio. Jennifer Valdivia of Jumio comments, “Our recent mobile banking study confirmed that security, especially the fear of fraud, is a top online and mobile banking concern among consumers of all generations."
So, the question is, would you borrow money on your smartphone or tablet? Personally, the answer is no. But ask me again in ten years. Maybe, I'll change my mind.
If you'd like to know if your financial institution made the "Banks with the Best Mobile Experience of 2018" list, check out the MyBankTracker.com list here:
Find out why you need machine identity management
Related posts