back to article Scared of mobile banking

Some banking customers are reluctant to go mobile because of fraud and security concerns. More than a third (36 per cent) of 1,000 consumers quizzed in a survey said they didn’t use mobile banking. Three out of four of these refuseniks (74 per cent) cited security as the major reason. Security concerns could slow the overall …

  1. Dan 55 Silver badge

    The real problem is why it's only 36%

    It should be far higher.

    I have used mobile banking on occasion but I didn't inhale... Firefox Android, in private mode, and didn't save passwords. But you won't get me to install some all-singing all-dancing banking app that has access to NFC, storage, camera, microphone, etc... and can be hacked by malware.

    1. Anonymous Coward
      Anonymous Coward

      Re: The real problem is why it's only 36%

      But why? Statistically and if you think about it, you are far less likely to have an issue with a [well written and downloaded from an official source] banking app than you are with using a web browser whether on a PC or a Smartphone or just from simple banking/cloning 2FA flaws.

      If you aren't rooted then it is far easier to scam a PC user than it is an app. I know there is a lot of FUD surrounding Android Malware but it is just that, FUD.

      1. Martin an gof Silver badge

        Re: The real problem is why it's only 36%

        Statistically and if you think about it, you are far less likely to have an issue with a [well written and downloaded from an official source] banking app than you are with using a web browser whether on a PC or a Smartphone or just from simple banking/cloning 2FA flaws.

        Not sure why that should be the case. Statistically, if I use neither a mobile app nor a web-based system, but deal with the bank almost entirely in-branch, then I know that every email or text message or phone call I get 'from my bank' is absolutely, definitely a scam. Apart from some awkwardness with opening hours (and there are banks out there that are realising this now) I find it quite a pleasurable experience dealing with things in-branch. Shame they are all closing, and I know I'm fortunate to live in a small town which has a good selection of banks still.

        M.

        1. Trigonoceps occipitalis

          Re: The real problem is why it's only 36%

          "I find it quite a pleasurable experience dealing with things in-branch."

          Last time I went into my local branch I was made to feel distinctly a problem because I wanted to talk to the teller and not use the machines. At least they still call me sir and do not (yet) use my given name.

          My problem with the bank app is that when I shut it down I have actually logged out, it is still running in the background. I force a close down via the Setting/Applications menu but I expect that makes little real difference. I have written twice to my bank manager about this and not yet, over several months, had an acknowledgement yet alone a substantive reply. Perhaps i should contact the "dealing with grumpy old gits" section.

          1. Martin an gof Silver badge

            Re: The real problem is why it's only 36%

            Last time I went into my local branch I was made to feel distinctly a problem because I wanted to talk to the teller and not use the machines. At least they still call me sir and do not (yet) use my given name.

            My local Nat West has done this - got rid of a row of four teller positions for three machines (they had two anyway) and a couple of semi-tellers at a desk. Guess where the queues always are? The machines are only really useful for withdrawing cash or paying in small amounts of cash or cheques, and honestly it seems to take longer with the machine than it used to with a teller.

            My local Co-Op, on the other hand, has three teller positions, a manager-type sat at an open desk, and not even a cash machine on site!

            M.

        2. goldcd

          But when you walk into that branch

          occupying some prime real-estate, filled with well meaning reps clutching ipads and generally portraying some idiot VPs version of Minority Report.

          Don't you have that niggling feeling of "Who's paying for all this?"

      2. Stoneshop
        Holmes

        Re: The real problem is why it's only 36%

        a [well written and downloaded from an official source] banking app

        You mention the problem right there already.

        And it's far easier to isolate a single browser instance for banking from the rest of a PC's ecosystem, than it is on some Android phone, up to spinning up a VM with an entirely different OS with extremely restrictive firewall and routing settings.

        1. Ottman001

          Re: The real problem is why it's only 36%

          >You mention the problem right there already.

          Agreed.

          eCommerce and in shop card operations are regulated by Visa and Mastercard to the point where it's easier to attack the human elements. PCI DSS inspections go as far as independent code reviews. Is there an equivalent regulatory process for mobile banking? I don't know. If I knew the answer, it may alter my decision not to use mobile banking when I have a perfectly convenient local branch.

        2. Anonymous Coward
          Anonymous Coward

          Re: The real problem is why it's only 36%

          you can easily run a VM for Android if you want. If you think most people are isolating their browser or running VMs then you are very much mistaken. If you are security conscious enough to to be doing that then you wouldn't have security issues with your phone either.

          The fact still remains that it is much easier to scam via a PC/Browser for normal users than it is to break a mobile app. The only real way is with overlays targeted at specific apps but this can easily be mitigated.

      3. Paper

        Re: The real problem is why it's only 36%

        And if my phone is stolen...

    2. Sebastian A

      Re: The real problem is why it's only 36%

      Ditto. I went to install my bank's app at one stage and reviewed the permissions list. There really was no point in listing it, it should have just said "Everything.". I queried them on it and received the following response.

      Thank you for your message regarding the *deleted* Android mobile app.

      I have provided details regarding the permissions that the app requires for your reference below.

      • Coarse and fine (GPS) location data

      This is used for the map functionality and the find nearest ATM function.

      • Identify phone call status

      This is used as the app has the function that allows customer to directly phone the Bank from the app.

      • Read contact data of all my personal contacts

      This permission in required to allow customer to select a mobile number and email address for people in their contact list to make a Pay to Mobile/Email function available in the mobile app.

      If there's one company I should trust in any way you'd think it would be my day-to-day bank but no. I've literally never been in a situation where I've been away from home and thought "Hey I really should schedule this payment *right now*, it can't possibly wait until I get home.".

      My next phone will be selected on the ability to control app permissions granularly. Maybe then will I reconsider installing more apps. If they fail from not having GPS or camera access then I don't need them and they'll get uninstalled.

      1. Neoc

        Re: The real problem is why it's only 36%

        @Sebastian:

        "My next phone will be selected on the ability to control app permissions granularly"

        I have one of those, and it won't help unless the App is also written to allow you to do it. Apps written using the "old" security framework bypass the granularity options on the newer phones (for "backward compatibility"). In other words, your bank's App will continue to ask for everything under the sun and refuse to work without being granted root access (argumentum ad absurdum) because they can.

        1. DaLo

          Re: The real problem is why it's only 36%

          "Apps written using the "old" security framework bypass the granularity options on the newer phones (for "backward compatibility")."

          No they don't, you can still select granular permissions for the old apps, it's just that the newer apps just ask for permissions as they use them the first time and should have a better fail over procedure if you don't grant them. The older apps may just not work properly or crash if they aren't given the respective permissions but this should happen until they try to actually use or check that permission.

  2. Richard Jones 1
    WTF?

    My Mobile Just Said No

    I asked my otherwise perfect for my use mobile if it would like to do mobile anything else, it suggested I try texting then said No. At that point I received an incoming call from some tramp in a call centre so we agreed to stop the discussion right there.

  3. Runilwzlb

    There's a famous saying about secrets: "It's not that I don't trust YOU, it's all the other people you'll tell that I don't trust."

    Banking apps by themselves are fine. But I don't trust the other apps that co-reside on the device with them. Its bad enough that any app can scrape your router passwords, login ID's, phone contacts, email contacts, browser info, location, etc.. Until they come out with a device and mobile operating system that respects and enforces the boundaries between data, I will never allow banking or other financial apps on my mobile device. That includes Amazon and Ebay.

  4. Alan Sharkey

    I have used Android for many years and I wouldn't touch mobile banking with a bargepole. No way is a phone secure.

    1. Neoc

      I've actually had the reverse problem: my bank's App would not install because my phone was rooted and thus a "security risk". I pointed out to them (forcefully) that rooting was also done by people who wanted better control over their phone. Next update, the app simply warned the user about the rooting and would install after the user confirmed knowledge of the state of the phone.

      Yes, there are still people who will click "OK" on everything. But honestly: if someone drove off a bridge because they ignored the great big sign saying "Bridge closed for repairs", we would consider them idiots. Why is this different with IT?

  5. Captain DaFt

    OK, I'm curious

    If three fourths of the people that refuse to bank online cited security as the reason, what reason did the other quarter give?

    Couldn't remember their password?

  6. Adam 1

    > Three out of four of these refuseniks (74 per cent) cited security as the major reason.

    Well they are fundamentally correct on that. 2FA is useless if the SMS code for funds transfer is going to the same device.

  7. Oengus

    Whats that?

    I went into my bank to do some transactions and the service desk lady said I could do that from their phone app. She said she would help me load it. I handed over my phone and she looked at me "What sort of phone is this?" (A Blackberry Z-10)... Gets the smart-arse customer service types every time.

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon