CONSUMERS are being bombarded with financial apps allowing them to spend and manage their money on the move, but technology experts are warning of the potential security risks.
Most of the big banks now offer smartphone applications for checking your balance and making payments. PayPal launched the inStore app last week, allowing users to pay at high street stores, including Coast, Oasis and Karen Millen, using their phones.
The app, available for iPad, iPhone and Android devices, provides a unique barcode and transaction number, which the shop cashier scans to take money from the customer’s PayPal account. Payments, refunds and discounts are all managed via the app, which will work even when there is no mobile or wi-fi signal.
The company insists that the app is very secure as the customer enters a Pin to open it. No personal or financial data — or money — is stored on the device.
While there are no official fraud statistics for smartphone apps yet, they are thought to be an increasingly attractive target for fraudsters. The Get Safe Online campaign believes that mobile malware, or malicious software targeting smartphones, increased 800% in the final four months of 2011.
Advertisement
Stephen Bonner, an expert on data security at KPMG, the accountant, said: “Deployment of mobile banking apps on to smartphones is growing rapidly, but there are risks associated with anytime, anywhere banking delivery.”
Bonner said apps are often developed by third-party companies for use by a bank or financial firm. As such, they can include additional functions that the banks do not know exist. For example, an app that shows your nearest branch will often use a third party for the map co-ordinates, and the organisation providing that information might be keeping records of this data.
“This provides a potential threat to your personal data if the records are somehow leaked,” said Bonner.
Data security problems can also arise when you sell or give away your old phone — a common practice with contract upgrades. Bonner said you should delete all apps and wipe the data, restoring the factory settings. “If you are sending your phone to be recycled, check that the firm offers a data-wiping service, rather than simply refurbishing it.”
However, consumers should not be overly worried if they take the right precautions. Bonner said: “Banks and reputable financial companies take protecting consumer information very seriously. Many of the apps don’t store personal data and, even when you bank over a wi-fi network, the details are encrypted in transit.”
Advertisement
Get Safe Online recommends smartphone users install security software from companies such as Trend Micro, Symantec and AVG. This is not currently offered as standard, so contact your network provider for guidance. Double-check that a security app is genuine as some free packages are rogue apps trying to get your data.
If you are an innocent victim of smartphone fraud, you should get a refund. The Financial Services Authority said: “The burden of proof is on the bank to show that the customer authorised the transaction, and the use of an app is not in itself necessarily sufficient to prove the customer authorised it.”
