Why have I yet to conduct my personal banking on my mobile phone?
Same reason as many, I suspect — there is something about that vaunted ATM machine that exudes a Fort Knox aura of invulnerability.
And yes, I’ve felt vulnerable the past few years when it comes to mobile commerce, having suffered the sucker punch of the debit card sting at a local gas station after punching in my PIN at the pump without noticing the skimming apparatus attached.
And kudos to my bank (without naming names, among those with a statewide presence), which promptly cut off the thieves after a pair of $200 withdrawals in Orlando, Florida, and required only 15 minutes at my local branch to reimburse me and reactivate the account.
But it’s moments like this when any thoughts of driving on past my local branch and going online give me pause.
At what point did that abundance of caution put me in the minority of banking customers? Depends on who you ask, with the Pew Research Center pegging 2013 as the tipping point when more than half of U.S. adults were conducting banking transactions online.
The Federal Deposit Insurance Corp., by contrast, had the figure at 23 percent that year, with the FDIC estimating last October that four in 10 people banked online in 2017. The Federal Reserve cites the annual FDIC survey as perhaps the most accurate, given that it relies on phone and in-person feedback rather than online polling, eliminating the odds that the numbers could be skewed by people already comfortable in the digital realm.
A third study released this past June by J.D. Power found that more than half of those surveyed indicated they use digital banking tools from their bank at least once a month. Huntington Bank scored top plaudits nationally, edging Capital One, with Citi ranked third to lead banks that have branches in Connecticut. Also besting the industry averages was Bank of America, more than half of whose customers now access their accounts in “a digitally centric” manner.
The J.D. Power survey suggests, however, that bank customers are bewildered by newer features that they say make apps harder to use.
The parent company of People’s United Bank, which is on the cusp of becoming a $50 billion institution with its mid-July deal to acquire the Hartford-based parent company of United Bank, emphasizes four tools of its mobile platform in checking deposits, debit account controls and alerts, and the ability to pay people directly using the app or receive payments.
In its annual report, People’s United makes clear the ongoing risks that mobile banking presents, noting that it expects to have to increase its spending to armor its systems against online thieves as it gains scale and becomes a bigger potential target for a breach.
If I am in the minority when it comes to popping open an app for my banking needs, I am not alone in my overall wariness.
The smaller Connecticut Community Bank uses a mobile banking platform created by Open Solutions, the Glastonbury payments technology company acquired several years ago by Fiserv. With a small branch network in the Gold Coast corridor of Connecticut, the company maintains an impressive offering of mobile banking functionality, including text-based account updates, fingerprint ID and “Popmoney” instant payments to others.
If I am in the minority when it comes to popping open an app for my banking needs, I am not alone in my overall wariness. Speaking in July to Connecticut Attorney General William Tong, I ask about his own comfort level when it comes to mobile banking. (At the time, Tong was finalizing a settlement with Equifax that will recoup $5 million for state residents who had their personal information exposed in a 2017 hack.)
“I think everybody has to not just be careful, but use common sense,” Tong says. “Technology is great, technology is fast moving, but not every technology and every advancement makes sense for us. … You have to be careful and vigilant.”
And in a study of mobile apps two years ago, Accenture and NowSecure put a data point on those fears. Of 30 mobile banking apps examined for security, all were determined to have at least one flaw, including some deemed “high risk,” in the study’s words.
Reported hacks of mobile apps have been few and far between, but reminders surface, including last year when HSBC reported a breach affecting less than 1 percent of its accounts.
If the odds are pretty long of anything happening to my hard-earned money as it routs along my financial institution’s digital pipelines, there’s still a chance — and with a branch most everywhere I drive, I might wait a little longer to take the banking app for a twirl.
Tong put it best.
“If you don’t need it, don’t use it,” Tong says. “It’s one of those things that will be trusted and will be safe — until it’s not.”
Tips for keeping an online bank account secure
In part due to lower overhead costs, many online banks offer better interest rates on savings accounts than traditional institutions. As an example, entering August, the Stamford-based giant Synchrony Financial offered a high-yield savings account at a 2.15 percent annual percentage yield, compared to a 0.3 percent APY at Bank of America for its standard savings account.
But experts advise depositors to compare features and safeguards between online banks and their brick-and-mortar alternatives — most critically, checking if the account carries Federal Deposit Insurance Corp. guarantees to make you whole in any bank collapse or event affecting deposits.
Once you have picked a bank and opened an account, there are habits you can adopt to lessen the odds of falling victim to any bad actor. The insurance carrier Nationwide lists several, including a few obvious ones like using a trusted antivirus software, including on your phone; steering clear of public Wi-Fi hotspots to access one’s account; changing passwords every three months (or even more frequently); and avoiding any duplication of passwords used on other accounts.
The technology review website Tom’s Guide adds several more, including using a bank’s mobile app, rather than accessing the site through a mobile browser; installing updates as they are made available to ensure all security patches are up to date; and keeping your smartphone securely in your possession the same way you would your bank cards.
If accessing your account via a web browser, manually type in the URL and ensure it carries the “https://” prefix before proceeding to the website, rather than clicking through on a link in an email or accessing it through a search engine. Use a bank that requires multi-factor authorization to access accounts, for instance, an additional passcode.
And after completing any transaction, ensure that you have closed out the browser and that it does not appear in your online history record — better yet, Nationwide says, disconnect your computer from the Internet after any online banking transaction and then reconnect for any additional web surfing.