I’m writing this dispatch from the Pacific Coast, where I’ve just seen a fabulous-yet-disturbing documentary at the Newport Beach Film Festival. It’s called “Terms and Conditions May Apply,” and director Cullen Hoback’s movie takes a chilling look at how vulnerable we all are in this digital society. That is, “free” services such as Google, Facebook and Twitter know much more about us than you might think — and they’re holding onto that information indefinitely. They also share it at will with federal espionage services, thanks to the dense legalese written into online terms of service since 9/11 and the Patriot Act.
The movie, to my mind, brings up a salient caution that will never disappear: In a wireless, computer-crazy world, you can’t be too safe with your information in a non-secure environment. That starts by not volunteering any compromising tidbits about yourself or your finances, ever. Email lives forever. Hiring recruiters can dig up old Facebook photos of drunken college revelry in minutes. You should know the drill by now, though it’s surprising how many people don’t.
So for this column, I turned to Julianna Young, Director of Behavior Design at Moven, a mobile-centric banking experience startup in New York City. With so many people doing their banking by phone now, the subject of mobile banking security has more relevance than ever before. According to a September 2012 report by eMarketer magazine, smartphone penetration as measured by the percentage of the population jumped from 20.2 percent in 2010 to 36.6 percent in 2012, and will jump again to 58.5 percent by 2016. That means far more North Americans will bank and make payments by smartphone, even as money apps become more sophisticated and widespread.
As Young points out, mobile payments are also getting fairly common. They’re transmitted three ways these days: QR codes (as found in LevelUp), near-field communication (NFC) available with Google Wallet, and radio-frequency identification (RFID) available via Moven with MasterCard’s PayPass. “Mobile payments are simply the next logical step in our use of smartphone devices. We lead highly mobile lives, and we need our banks and payment systems to keep up with our changing needs,” she says.
But are such payments secure? Almost always, the answer is yes — but it’s not a given. Here are Young’s three big tips for staying safe on the go:
1. Password-Protect Your Mobile Device
“While most mobile money management apps require you to authenticate yourself before getting access to your accounts, it’s always a good idea to add an extra layer of security by putting a password on your mobile phone,” Young says. “This added layer of protection helps keep your sensitive information safe in the event that you lose or misplace your phone.”
With an iPhone, for example, 10,000 potential combinations exist to lock up your phone from anyone trying to pry its information loose. Do not, under any circumstances, pick a code that’s easy for a thief to decipher; the most common codes are four identical digits, or the last four digits of your phone number. Make it random, knowing that even this code can be cracked, but it will take that thief much more time than guessing “1111” or “2222.”
2. Don’t Respond to Fishy Phishing Texts
“While it’s now common practice for banking institutions and other service providers (e.g., cell phone providers) to communicate with customers via SMS, it is important to keep an eye out for malicious texts — referred to as phishing messages — that masquerade as messages from your bank,” Young says.
Any mysterious message beckons to the kid in us, and invites us to open it. That said, “Don’t click on suspicious links or respond to suspicious messages,” Young warns. “Most importantly, never provide account information via text message. If you are unsure about the legitimacy of a message you receive, contact your bank to verify whether or not they were the source of the message.”
We know that in the email world, for example, phishing messages often give themselves away by bad grammar. A text, because it contains less information generally, may be harder to spot as phony. But if you see a text such as “Citibank want [sic] you to reset password,” you can be sure it’s fake. Delete it right away. When in doubt, always call or email the bank or financial service and ask them about the text message. Chances are that if you didn’t initiate contact with the bank before the message, it’s phony, and the next step involves the financial institution investigating the bogus message.
3. Keep Your Friends Close, and Your Phone Closer!
“Give the same level of care and attention to your mobile phone that you give your wallet or heirloom jewelry,” Young says. “Be sure to keep it within your sight, or on your person. Do not lend your phone to anyone you do not know — even ‘just to make a quick call.’ When you are out at a restaurant, do not leave your mobile phone sitting on the table. Should your phone go missing, report it immediately to your carrier, and to your mobile payments provider.”
Two years ago, I had my iPhone stolen by someone at a Chicago coffee shop. He slapped a newspaper on my table and started yelling in gibberish. As I was distracted, he put his hand under the paper and picked up my phone with the deft touch of a pickpocket. I never got it back.
“Also, be sure to understand the various options available to you for disabling your phone remotely,” Young says. I couldn’t agree more. I’d add that you should know how to track your phone as well; test and master the procedure for looking it up in seconds via your laptop or desktop.
When my phone was stolen, I didn’t know how to use the “Find my iPhone” tracking feature. By the time I tried to enable it, a software glitch caused me to lose track of the device for good. It cost $300 to replace it. Good thing the thief coveted my phone, and nothing else.
To Young’s tips, I’d add a fourth: Stay secretive. I’ve written before about “shoulder surfing” — the practice of stealing passwords and sensitive data by looking over a person’s shoulder in a coffee shop or public space. Don’t be so naive as to deposit checks via mobile banking on a coffee shop table.
Save any sort of banking or financial activity for your home office or a private space. I wouldn’t even do it at work, where a prying neighbor or nosy colleague could lift your digits and passwords in the blink of a roving eye.
Do you have any tips for keeping your information safe in the digital age? Have you ever been hacked?