Online Banking is Safer on a Mobile Device (than a desktop)

[Midpack]

I guess I had it wrong, we’ve always used our hardwired desktop for brokerage, online bank, credit card, brick-n-mortar bank or financial access instead of our smartphones/tablets.

This article is from 2013, and I found several others, but nothing recent to confirm. Any thoughts?

https://www.tomsguide.com/us/financi...view-1853.html

Quote:

A few years ago, security experts thought you'd be crazy to access an online bank account from a mobile phone. The tide has turned. Experts now say mobile devices may actually be safer to use than computers for online banking, in part because malicious software can be downloaded to a computer without a user knowing it. As long as they're using encrypted Wi-Fi or a cellular data connection, mobile customers usually don't need to worry about malware hijacking their online-banking sessions. On a mobile device, secretly installing software is much harder to do, as long as the device hasn't been "rooted" or "jailbroken" to let the user run privileged commands and install unauthorized software. “No online banking is completely safe, period," said Clay Calvert, director of cybersecurity for MetroStar Systems, an IT consulting firm in Reston, Va. "However, unrooted tablets and cellphones are much safer than using PCs for banking."

[audreyh1]

Because of no keyboard loggers?

[Sunset]

Except I'm much more likely to leave my cell phone at the restaurant than my desktop.

Plus, they make the assumption that folks are protected by the OS supplied apps like apple store etc, which has turned out to not be true, but back in 2013 (date of article) folks believed it.

[jonat]

It depends - almost every day I read of new Android malware that copies keystrokes, reads passwords, etc. Malware on iOS is much less common, but not unheard of.

My perspective is that I have a better handle on what is on my PC than what is on my phone, what with automatic updates and apps taken over by new developers. I do run anti-malware software on my PCs (Norton Security), use a password manager (LastPass), and do as much as I can to improve security, such as use two-factor authentication. Sadly, not one of the financial institutions I do business with supports 2FA!

I also keep on top of transactions with notifications of charges and daily downloads of activity in Quicken. I've been a PC user for 23 years and haven't been hit by malware yet.

[USGrant1962]

I would say public WiFi, whether phone or laptop, is your biggest risk for online banking. I'm not too concerned about phone over cellular, or about my desktops/laptops/phones on my home wifi/ethernet.

And ditto on knowing what is on my computer systems verses not knowing what is on phones.

[aja8888]

Quote:

As long as they're using encrypted Wi-Fi or a cellular data connection, mobile customers usually don't need to worry about malware hijacking their online-banking sessions.

I guess sitting in Starbucks or Burger King and using their Wi FI is OK? I mean, we trust those vendors/connections, correct?

[audreyh1]

Quote:

Originally Posted by USGrant1962 I would say public WiFi, whether phone or laptop, is your biggest risk for online banking. I'm not too concerned about phone over cellular, or about my desktops/laptops/phones on my home wifi/ethernet. And ditto on knowing what is on my computer systems verses not knowing what is on phones.

Why? You talk to your financial institutions over an encrypted connection.

[audreyh1]

Quote:

Originally Posted by aja8888 I guess sitting in Starbucks or Burger King and using their Wi FI is OK? I mean, we trust those vendors/connections, correct?

Just make sure https

In a public setting I'm more concerned about cameras around me.

[harley]

I'm not sure I buy it. In the first place, 2013 was a century ago, technology-wise. Plus, as a former network security guy I still read a lot of security related blogs and newsletters, although I tend to skim instead of delve. But my feeling is that the malware for cell phones has taken huge leaps in the last few years. I'm not saying it's less safe than PC based communications, but I doubt it's significantly more secure. I'll look around and see if I can find anything more up to date.

[jonat]

I would never do anything sensitive while connected directly to "free WiFi". I use a Virtual Private Network (VPN) anytime I am using WiFi I don't control. Even with SSL, there are "man in the middle" attacks that are difficult to detect, especially with phones.

Since I have unlimited LTE cellular, I will tend to use that even in places with free WiFi. Much harder for random miscreants to intercept.

[harley]

Here are a couple of other articles. The one by Jack Schofield is pretty recent, but not too in depth. https://www.theguardian.com/technolo...er-for-banking

The interview with Bruce Schneier is older, but very much to the point, IMHO. He says it's all pretty safe because

Quote:

'It's not perfect. Internet banking is safe because we all do it and it works out okay. But if you want to be 100% secure, don't be online.

Also, and I like this explanation,

Quote:

'Your house is not secure because of your door lock. Your house is secure because of everything that happens in your city, in your country, in your world that makes your house secure. I could spend an hour telling you about the design of your door lock and you would be no better off with security than before. Security is very social. Banking is secure because if something happens, the bank makes good on it, we catch criminals, we're mostly lawful, you know, things are basically okay.'

https://www.schneier.com/news/archiv...anking_sa.html

[aja8888]

Quote:

Originally Posted by audreyh1 In a public setting I'm more concerned about cameras around me.

I don't see what you are getting at? What does that have to do with online banking and unscure WIFI?

[devans0]

I can only speak for myself as my system is set up, but the standard for my home is higher than my phone. For example, I only have a 4 × 10 digit code on my phone, but a 20 × 116 key code to get on my computer, and my computer location is secure in itself.

The modem has it's password protections as does the router which are distinctly different password protections. Wpa2 256 aes is set. I live in a quiet neighborhood with few signals in range, which cuts the potential, too.

I have 2 places with my money and both are set for 2fa and one only can transact to the other. Even to deposit or inquire about my bank balance, I have to give another 10 alphanumeric password.

I don't use my phone nor any mobile besides the phone to send sensitive info.

One more upgrade to more security that I am adding is to change security questions to a password type answer. Ie "my mother's maiden name is" qazxcfty for example.

[audreyh1]

Quote:

Originally Posted by aja8888 I don't see what you are getting at? What does that have to do with online banking and unscure WIFI?

If you are in a public place like a restaurant, how do you know there isn't a camera or somebody looking over you shoulder? It has to do with online banking. If you are accessing your accounts you have other things to worry about besides whether their wifi is secure.

[aja8888]

Quote:

Originally Posted by audreyh1 If you are in a public place like a restaurant, how do you know there isn't a camera or somebody looking over you shoulder? It has to do with online banking. If you are accessing your accounts you have other things to worry about besides whether their wifi is secure.

I understand your concern but, most restaurants have security cameras these days anyway. Someone looking over your shoulder... you would probably know if someone was. Personally, I wouldn't do any financial transactions over WIFI in a public place with a phone, tablet or laptop for other reasons.

Not the same concern, but I had my AMEX card picked up by a remote scanner in the Grand Hyatt hotel lobby when checking in at San Juan, PR and a new card issued the next morning in Croatia. And my card had a security chip in it. In 30 minutes, $18,000 was charged on it before AMEX cut it off.

Strange stuff can happen in public places.

[USGrant1962]

Quote:

Originally Posted by audreyh1 Why? You talk to your financial institutions over an encrypted connection.

True, but there is still more risk of a "man in the middle" attack on public WiFi. Why take that extra risk? Do you really need to log in to your bank/credit union/broker while connected through your hotel or coffee shop WiFi? Which may or may not actually be your hotel's or coffee shop's WiFi...

Anyway, if I need to check my balance on my phone or iPad cellular is more direct and less subject to man in the middle.

[audreyh1]

Quote:

Originally Posted by aja8888 I understand your concern but, most restaurants have security cameras these days anyway. Someone looking over your shoulder... you would probably know if someone was. Personally, I wouldn't do any financial transactions over WIFI in a public place with a phone, tablet or laptop for other reasons.

Exactly - security cameras everywhere in public places. You probably can't see many of them. Who knows who may be watching stuff at the other end.

[kumquat]

Quote:

Originally Posted by USGrant1962 cellular is more direct and less subject to man in the middle.

Google "stingray cell phone"

[Sunset]

On the news here in Chicago a few small groups of people are going up to folks on the street with a gun and demanding their cell phone, and making them unlock it before handing it over !!

I don't use my cell phone for banking, so I don't know, but if you pick up an unlocked phone, can you simply start the banking app to get access to the money ?

[Texas Proud]

I remember there were TV news items about how quickly a phone was hacked during the winter Olympics in Russia.... one guy turned his on and was hacked in less than 10 minutes... and that was years ago....


I trust my home computers more than my phone... BTW, I do not do any banking (or anything else that requires my personal info) on my phone...