Mobile Banking: How to Keep Your Account Safe

Quick Answer

Keeping your bank account secure might require a few extra steps if you use mobile banking apps. Here are five that you can take.

Happy woman using digital tablet for mobile banking in the office.

Banking apps can provide on-the-go access to your accounts and helpful safety features, like notifications and real-time alerts. However, additional access comes with additional risk, and there are a few steps you may want to take to help keep your device and bank account secure.

1. Be Careful When Downloading Apps

Although the Apple App Store and Google Play Store take steps to review and confirm that the apps available for download are safe, sometimes malicious apps (malware) sneak their way in. Or, you might download and install an app on your phone or mobile device without going through an app store.

Either way, malicious apps can sometimes appear in best-of and most-downloaded lists, giving you a false sense of security. Some also might be helpful and innocent sounding, such as an app for viewing PDFs.

However, when you launch your banking app, the malicious app might record what you type or secretly replace your banking login screen with a lookalike page. It can then steal the username and password that you enter. Alternatively, you might accidentally download a fake banking app that steals your login information.

The official app stores are relatively safe, but the safest option is to get a link to the app store from the bank's website. You may also want to occasionally run antivirus scans on your devices to look for malware.

2. Don't Click on Unexpected Links

Be mindful of installing a malicious app or other types of malware by clicking on a link or downloading an email attachment. Three common avenues of attack are:

  • Text message scams: A scammer might impersonate a bank, government agency or well-known company to try to convince you to click on a link.
  • Spoofed emails: Similarly, an email with a link might be "spoofed" to look like it comes from someone you know or a large company.
  • Compromised email or social media accounts: You might instinctively trust a direct message or email from a friend or family member, but their account could be compromised. If the link looks unusual, consider contacting them via a different platform to verify they actually sent the message.

Although simply clicking on a link could potentially infect a device, often the link will lead to a website where you're prompted to enter your username and password (perhaps to "verify" or "secure" your account), or to download a malicious app.

These pages could be tricky—such as when they look nearly identical to the bank's legitimate website. It's always safer to type the website directly into your browser instead of using a link.

3. Keep Your Device and Apps Updated

Cybersecurity is often a continuous game of cat and mouse—companies create and expand their defenses as criminals look for new ways to break into systems.

Companies often release security patches with software updates to stop the latest types of attacks, which is why regularly updating your device and apps is important.

You can manually update apps and operating systems on Android and Apple, or turn on automatic updates to help keep yourself safe.

4. Be Cautious When Using Public Wi-Fi

Encryption is now the standard, rather than the exception, with most websites. And connections to your bank accounts via a browser or mobile app will almost certainly be encrypted. As a result, the old rule of thumb to never use public Wi-Fi isn't necessarily as rigid.

However, it's better to be safe than sorry. If you have reception, switch off Wi-Fi and use your phone connection to access your banking app.

If your phone's network isn't an option, you may want to wait to log in to your bank—or other sensitive accounts—unless you absolutely need to. And consider using a virtual private network (VPN) on your mobile device to add another layer of encryption.

5. Automatically Turn off and Lock Your Device

It's easy to think of keeping your mobile banking apps safe as a purely technological challenge. But don't forget that keeping your device secure is also important. If someone steals your phone, tablet or laptop, you want to make sure they can't easily access the device.

  • Review your settings. Go to your device's settings to find out how long your screen will stay unlocked before turning off and asking for a PIN, password, pattern, fingerprint or face scan.
  • Turn on screen locking. If automatic screen locking isn't enabled, consider turning it on and having your screen automatically turn off after a couple of minutes.
  • Be aware of your surroundings. You don't want someone peering over your shoulder, memorizing your PIN and then stealing your device.

To be fair, even if someone accesses your phone, your banking apps will generally require a password, face or fingerprint scan. But locking your phone could still help keep your other personal information safe and prevent someone from installing malware on your device.

If you want to be extra cautious, you could disable face or fingerprint scanning altogether. There have been several cases of criminals drugging people and then scanning their unconscious faces to access their banking apps and steal money. However, this doesn't appear to be a common crime.

Use Basic Security Measures to Stay Safe on Every Platform

Some basic security measures can be very important, but they aren't specific to banking apps. Two easy steps you can take to keep your banking—and other online—accounts secure are:

  • Use strong and unique passwords or use passkeys. Using a strong and unique password for your bank is important because criminals might be able to learn or guess repeated passwords from data breaches at other companies. Some organizations also now support passkeys, a passwordless option for logging in to your accounts that may be more secure than passwords.
  • Turn on multifactor authentication. Multifactor authentication (MFA) protects your accounts by requiring someone who tries to log in to your account to use more than just your username and password. For example, you might need to enter a code that's texted or emailed to you, or that an authenticator app generates. If your bank doesn't require MFA, go to your account settings and see if you can turn it on.

You can also set up bank account alerts to get notifications whenever certain actions happen, such as a large purchase, large transfer or a low balance. These might be warning signs that someone accessed your account.

The Bottom Line

Some identity protection programs also come with financial account monitoring, which can help warn you about suspicious activity in any of your accounts. If you want to see how this works, consider an Experian IdentityWorks℠ Premium or Family plan.