Is it secure?
Yes, the mobile banking service utilizes best practices from online banking, such as HTTPS, 128-bit SSL encryption, or password access and application time-out when your mobile device is not in use. Only the mobile devices that you personally enroll in the service can access your accounts. In addition, no account data is ever stored on your mobile device. And in the event your mobile device is lost or stolen, the service can be immediately disabled by either going online to the Mobile Banking enrollment website or calling us.
Mobile Banking Security Tips
- Set a strong account password that has at least 8 characters with at least one number and capitalized letter. Do not use your name, birth date or other easily identifiable personal information in your password to avoid hacking.
- Treat your phone like a computer by downloading security patch updates and antivirus software on your phone. Android® offers this software for users
- Always secure your phone and SIM card (subscriber identity module) with a password. If your phone is ever lost or stolen, it will protect your private and secure information
- Only download applications from trusted sources. Make sure to download updates regularly, as often times these include fixes to security flaws
- Take note of pop-up notices and other alerts that may be warning you about security issues or leaving trusted sites
- Delete text messages from your bank once you’ve read them
- Always log off completely after using a mobile banking site or application
- Make sure to clear out all information on your phone before discarding it
- Modify the phone's settings so that only messages from authorized numbers are allowed
- Bookmark the bank’s mobile web site and only use this bookmark to access the site to avoid phishing
- Avoid using unsecured, public WiFi networks to access financial accounts with mobile devices
- Always use your cellular network when conducting mobile financial services
- Add the bank’s short code and customer service phone number to your contacts and only initiate SMS and phone calls from your contact list. Do not reply to SMS messages that do not exist in your contact list.
- Use the auto screen lock on your mobile phone to prevent unauthorized access to your information.
- Consider utilizing apps such as Find My iPhone® and Find My Droid to find your lost or stolen phone.
- Keep your Bluetooth turned off by default and use only when necessary. Make certain that Bluetooth is turned off when conducting any mobile banking transactions/inquiries. Devices with Bluetooth enabled by default and ‘always on’ may present a target for exploitation and interception of data which can be done undetected (Bluesnarfing).
- Report any problems or suspicious incidences surrounding Mobile Banking directly to your bank.
- Send your personal information or online banking credentials via email or text, as both are easy to intercept
- Enter personal information unless there's an “s” after http, which indicates that the site is secure. Also, look for security symbols such as an icon of a lock
- Bank or shop online while on a smartphone when using unsecured, public WiFi access
- Set your phone settings to auto-fill User ID's or Password information
- Click on any links in emails that claim to be from your bank. Instead go to your bank's website directly to log in
- Click on links in SMS messages unless you initiated the SMS conversation with your bank
- Call phone numbers not in your contact list. If you are unsure about a phone number, you may text “Help” to your TB&T short code (79680) and compare the phone numbers. Only call the numbers in your Help response or in your contact list to avoid Vishing
- Jailbreak your smartphone. Jailbreaking (a method of ‘self hacking’ in order to gain full access to all features of the technologies of smartphones) is dangerous and makes your smartphone extremely susceptible to malware, viruses and other malicious programs.
Finally, know that Troy Bank & Trust will not ask customer to provide confidential information over an email or SMS message
With most mobile devices lacking the personal firewall, anti-virus software and other protections common today on personal computers, these devices can be vulnerable to a variety of security threats, including:
Malware: A term for “malicious software” that is inserted into a system, usually covertly, with the intent of compromising the confidentiality, integrity or availability of the victim’s data, applications or operating system, or otherwise annoying or disrupting the victim
Phishing: Luring unsuspecting customers to provide sensitive personal information or downloading malware through an email. Popular scams including phishing emails that appear to be coming from a FI and contain a link to a spoofed website; the site tricks victims into logging in using their personal credentials, which are then captured by the criminal.
SmiShing: A contraction of “SMS and phishing”, in which criminals pose as a FI and use SMS in an attempt to gain access to confidential account information. The typical scam informs the mobile device owner that the person’s account was compromised or credit/ATM card was deactivated. The victim is directed to call a phone number or visit a spoofed website to reactivate the card. Once at the website or through an automated phone system, the victim is asked for card, Pass code and/or account numbers.
Vishing: A contraction of “voice and phishing”, in which victims are tricked into disclosing sensitive personal information through a phone call or voice response unit (VRU).