You have to wonder if anyone—or any monolithic institution—is truly safe from the perils of electronic hacking.
Just a few weeks ago, eBay acknowledged that its customer database had been compromised. But this wasn’t any ordinary hack, mind you: The bad guys got access top at least 145 million accounts, including names, encrypted passwords, email addresses, home addresses, phone numbers and dates of birth, according to Forbes. Other sources, such as the Daily Beast, place that number even higher, at 233 million people. The company confronted the breach in a May 21 press release, asking all users to change their passwords.
“Stories of breaches are all over the news,” says Val Srinivas, the banking and securities research leader at the Deloitte Center for Financial Services. “Most consumers do feel a heightened sense of vulnerability when they hear these stories week after week.”
Deloitte just issued a new report that shows customer suspicions for safety translate to the world of mobile banking apps, too. Citing consumers’ persistent fears about security, Deloitte’s Center for Financial Services says that many consumers are less interested in (or more suspect of) mobile financial technologies than you might expect.
According to the report, 54 percent among those 35 and under are concerned about the security of mobile devices for banking purposes (compared to 67 percent of those above 35). The survey looked at 2,193 respondents aged at least 21, with a minimum annual household income of $25,000, and a bank checking account.
A major goal of the report (entitled “Mobile Financial Services: Raising the Bar on Customer Engagement”) was to reveal to banks why some customers have been slow to bank on mobile devices, including the 35-and-under crowd.
And to a large extent, the fears of consumers are well founded. Even while Deloitte’s survey indicated greater adoption of bank mobile products than, say, the insurance and investment management sectors, it still finds that banks “are at a decided disadvantaged compared to other sectors” when it comes to security.
Why is this? “The one finding that really jumped out in our study was that people are worried about how safe their personal financial information is,” Srinivas says; 61 percent of those surveyed who don’t regularly use mobile devices for financial services cited security issues as the prime reason. “That’s markedly higher than the next most common reason: those who want to do their financial business in person or over the phone with a human being.”
Part of it has to do with technology, too. Nearly two-thirds of those surveyed said they would find it valuable to use biometric identification (such as a fingerprint or retinal scan) on mobile devices for ATM transactions and payments. Male, younger, and high-income respondents are slightly more comfortable with making payments using biometric security. However, the comfort level with biometric security and encryption decreases as the amount of the transaction increases—the more money you’re moving, the less comfortable you’re bound to be, the survey states.
That said, there are some purely practical reasons why some people don’t bank on smartphones with ubiquity. Half the respondents said the difficulty of seeing and typing on smartphone screens posed limitations in using mobile devices for financial services. (For those using tablets, these factors were less of a concern.)
So if security is your concern in terms of banking in the mobile sector, what are some actions you can take to keep your financial information safe?
1. Start with strong passwords.
For the sake of memory and convenience, many of us default to passwords that are easy to remember, perhaps without writing them down. That’s a bad idea says Jean Chatzky, an education partner for LifeLock and a personal finance expert.
“An earlier LifeLock survey, this one conducted by Forrester, found 70 percent of people say they use strong passwords but just 42 percent actually do,” she says. “It’s a combination of eight or more letters (lower and upper case), numbers, symbols (like $ or &) that don’t come together to form a common word, name or phrase. It should look like gobbledygook.”
Here’s Chatzky’s trick for how to do it, and not forget it:
“Think of a sentence you can remember. Take the first letter from each of the words; substitute a symbol or number when you can. Then at each site, tack the first letter of the name of that site on to the beginning of your password and the last letter onto the end. So if your sentence is ‘I make the best peanut butter banana pie on the planet,’ your building block is Imtbpbbpotp. Swap out symbols and numbers and you have !mtbpbbp0tp. Then use the site name for your caps—if you’re on WellsFargo for instance, it’s W!mtbpbbp0tpF.”
2. Keep your passwords somewhere private.
3. Watch your social network activity.
Chatzky says that remarkably, Millennials are more at risk for identity fraud than older adults.
“Why? They live online—and care far less about privacy. So it’s a lot easier to gain access to the sorts of information you can use to build a faux profile of one of them. Scrub yours clear of any details that could be used—address, mother’s maiden name, etc.—to impersonate you online.”
And as much as we have a responsibility, so do the financial institutions. If there’s a clear message from the Deloitte survey, “financial institutions should convey that consumers have control over their [financial] vulnerability,” Srinivas says. “They need to make the case that mobile interactions are secure, and simultaneously demonstrate clear advantages of using the mobile platform.”