Mobile-banking security is becoming a growing issue as more and more people use banking apps.
Last year the issue gained the public’s attention when a group of thieves started breaking into lockers at gyms across London to steal bank cards and mobile phones while their owners were exercising.
They were then able to use the cards to go on shopping sprees at stores such as Apple and Harrods. Some of the victims reported that their banks were initially unwilling to refund them, saying that the criminals had used their PIN code, so they must have been at fault (eg, by keeping a note of the code with their cards).
Subscribe to MoneyWeek
Subscribe to MoneyWeek today and get your first six magazine issues absolutely FREE
Sign up to Money Morning
Don't miss the latest investment and personal finances news, market analysis, plus money-saving tips with our free twice-daily newsletter
Don't miss the latest investment and personal finances news, market analysis, plus money-saving tips with our free twice-daily newsletter
Later the banks gave in as it became clear that the problem was not their customers’ carelessness, but weak points in mobile-banking security.
Common bank app scams
There’s no shortage of ways that thieves can try to get into somebody’s account, but many of these involve having some personal information to wriggle around security protocols.
However, what appears to be happening in these cases is simpler. The thief has the cards and the phone. Of course, if they have been able to get a PIN – for example, by watching over the victim’s shoulder as they unlock their phone or use their card – their task is much easier, especially as many people tend to use the same PIN for multiple purposes.
But even if they don’t, they may still be able to get into some bank accounts. The thief installs the mobile banking app for the bank that issues the cards on a new phone and uses the card details to register for it.
Some banks require you to pass detailed identity checks to do this, but a one-time passcode sent to your phone by text message will be enough with others. While the thief can’t get into the original phone, they may be able to read the message in the lock screen if – like many people – the victim has message previews enabled.
Alternatively, they can put the SIM from the stolen phone into another phone. At this point, they can get into the victim’s account via the app, which may allow them to check the PIN for the card or transfer funds to another account, with minimal other security checks.
The apps not vulnerable to scams
Not all apps are so vulnerable: consumer group Which reckons that Lloyds/Halifax, Virgin Money and Barclays are weaker than Chase or Monzo, for example.
But rather than relying on your bank, there are a few steps that can help stop this kind of fraud, beyond obvious ones such as having a hard-to-guess PIN. First, disable message previews so they can’t be seen when your phone is locked.
Second, set a SIM PIN, which stops your SIM being used in a new phone by somebody who doesn’t know the code.
Third, make sure you have Find My iPhone (Apple) or Google’s Find My Device (Android) enabled, so that you can lock and wipe your device remotely if it’s stolen – but note this alone won’t stop a SIM-swap, for example.
-
August NS&I Premium Bond winners unveiled - have you scooped £1m?Two lucky NS&I Premium Bond winners are now millionaires in the August draw. Find out here if you are one of them
-
Savings rates more than double in a year as challenger banks top the best buy tables
The best savings rates have doubled - and in some cases tripled - in a year, with challenger banks offering the highest rates. While they are still no match for inflation, we look at what you could be earning.
-
Midlife MOT: what is it and who can get one?
The government has launched an online midlife MOT to help older workers with financial planning, health guidance and career skills. But how does it work, who can get one and would you pass it?
-
Coventry Building Society launches new best easy access savings account
Coventry Building Society's deal tops our easy access savings account list, but could your cash be put to better use?
-
NS&I boosts fixed-term savings rates
The NS&I, the government-backed savings institution has mirrored recent rate rises seen elsewhere in the market.
-
Should you let AI give you financial advice?
Can AI fill the financial advice gap? Kalpana Fitzpatrick looks at the pros and cons of using AI to guide your finances.
-
Small pension pots to be consolidated, says DWP
Workplace pension schemes worth less than £1,000 that become “deferred” when a saver changes jobs will be consolidated under a new system
-
Watchdog summons banks to explain paltry savings rates
Savings rates trail mortgage rates - and the financial watchdog has summoned banks to a meeting amid concerns of profiteering.
