The 5 Most Dangerous Mobile Banking Habits

Mobile banking grows more ubiquitous every year. 52 percent of smartphone owners with a bank account use mobile banking, according to the Federal Reserve, and more than half of users log in at least 2 to 3 times a week. There is good reason for this momentum. Mobile banking is convenient and makes it easy for people to stay on top of their finances. However, that convenience can come at a price. By transferring money, checking your balances, or scheduling bill payments from your phone, you could unwittingly put your banking information at risk.

Here are the five most dangerous mobile banking habits that users should avoid.

  • Using public WiFi

Banking when you are out and about can be tempting, but using public WiFi to log in to your bank’s mobile app, or any other financial services app, is not smart. For the most part, information sent through a public hotspot is not encrypted. This makes it vulnerable because other people on the network could access your activity. And if you are using an unsecured Wi-Fi network, this opens your highly sensitive financial data up to hackers.  

The smartest approach is to avoid using public Wi-Fi altogether. If you must, there are still a couple of steps you can take your protect your information. First, access your bank’s app over the Internet instead of using your bank’s app, as long as it is encrypted. The “https” at the beginning of the web address will let you know whether it is encrypted or not. Alternatively, you can purchase Virtual Private Network access, which automatically encrypts your information even when you’re using an unsecured network.

  • Leaving your phone unlocked

Just 36 percent of smartphone users say they use a lock code or PIN to protect their device. And in 2013, there were 3.1 million reports of smartphone theft in the U.S. and another 1.4 million were reported as lost and never recovered. Smartphone theft is rampant, and leaving your phone unlocked makes it far too easy for thieves to gain access to your sensitive information. Losing your phone is bad enough without identity fraud on top of it.

Locking your phone if the first line of defense for keeping hackers out of your sensitive financial information and preventing them from wreaking havoc on your life. The latest phone models scan your fingerprint for entry, so you don’t have to “deal with” entering the 4-digit code.

  • Storing sensitive information

Just as many people don’t lock their phones for convenience’s sake, too many people use auto logins for their mobile banking apps. Yes, entering your username and password every time you log in to a mobile banking app (or any app that involves payments) can be a hassle, however, if anyone gets their hands on your phone, they have total access.  

The smarter option for managing multiple cards and logins is to use a mobile wallet like  Apple Pay or Android Pay. You connect your debit/credit cards to these apps and they encrypt your information. Then when you pay online or in-person, you don’t have to enter your card number, and since your information is encrypted, it is also safe.

If you do not want to use one of these apps or do not have a compatible device, then make sure to log in manually every time and log out when you are done. Even if your mobile banking app automatically logs you out after a certain period of time, there is still a window of vulnerability.  

  • Opting out of alerts

Most mobile banking apps today give you the option to receive security alerts on your phone when critical changes are made to your bank account. These can include changes to your username or password, unusual log in activity, large transactions, and changes to your email address and phone number. Opting out of these alerts is a big mistake because you may not even realize if your accounts have been hacked until it’s too late. Signing up for alerts only takes a minute. You can also enable alerts for other financial services apps, like Mint, that monitor multiple bank or credit card accounts at a time.  

  • Password laziness

Around 14 percent of banking customers say they never change their passwords. This is a huge mistake. A strong password is not only a good defense against hackers, it is a necessary one. A strong password is one that a hacker could never be able to guess. You want to avoid using identifiable information like an email address, physical address, kids’ names, pets’ names, or birth dates. In addition, a strong password involves a mix of uppercase and lowercase letters, numbers and symbols. Third, a strong password requires regular updating.

Finally, you do not want to use the same password for all your banking or financial apps. A study from CSID found that 61 percent of Americans use the same password on multiple sites. Using the same information to log in to multiple accounts multiple times a day makes it easier for a thief to gain access. Once they do, they have access to your entire financial world.

These simple steps will have a dramatic impact on the safety of your sensitive financial information, and it’s always better to be safe than sorry.


Alex Matjanec | Co-Founder,

Having contributed to the online consumer interface development of several major financial institutions, including TIAA Cref, ING Direct, Ally and TD Bank (formerly Commerce Bank), Alex and his team developed to provide a more consumer-oriented banking information portal. Combining a clutter-free, easy-to-read interface with social integration, including peer bank ratings and reviews and community Q&A forum, leverages the lessons learned in marrying the communication needs of banking institutions with consumers’ desire for transparency and ease of use.

Written by AlexMatjanec