The relationship between smartphones and securing personal information can be complicated.
On the one hand, banking and payment apps have made it easier than ever to stay on top of our finances. At the same time, they require us to enter private information, like our bank account numbers, which could become vulnerable if our phones are hacked or stolen.
Most banking apps are protected by software that verify your identity when you log in. Many also use financial companies like Payfone to verify the phone that’s attempting to log into a banking or financial app. Payfone is used by six of the top 10 banks in the United States.
Even so, not all apps have up-to-date security features, and some may leave the door open for interference. Even more, customers often choose convenience over security safeguards and criminals are constantly improving their hacking methods. All of this leaves consumers vulnerable to theft.
When it comes to managing money, Bank of America found that 54% of consumers use a mobile banking app, with 84% accessing their financial information from their phones at least once a week. Mobile accessibility provides convenience, but it also opens consumers up to fraud. Here are some mobile scams that every consumer should know about.
Hackers taking control of your phone
Picture this: You get an email saying that the passwords on your email and social media accounts have been changed. There’s one problem, you didn’t’ change them. This happened to Black Lives Matter activist DeRay McKesson in 2016, when a thief impersonating him called Verizon and changed his SIM. This allowed the thief to bypass the two-factor verification he had in place on his phone, and take control of his social media accounts.
“By phishing your credentials, thieves can get into your phone. They change your password so you’re locked out, and they find ways to steal your money,” said Rodger Desai, CEO of Payfone.
Hackers are incredibly savvy, but there are some things you can do to safeguard your information. First, create a PIN on your wireless carrier account. This way, if someone calls your carrier, they won’t be able to make important changes without that four-digit number. That said, make sure your PIN original. Do not use your birthdate or the last four digits of your social security number. Thanks to the massive Equifax hack, this personal information is probably easily accessible to thieves.
In the event that a hacker breaks into your phone, you can also enable extra security measures on specific apps.
Take Venmo, for example. Under the settings tab, you can enable Touch ID to be used every time the app is opened. If this feature isn’t enabled, anyone can simply log into Venmo on your phone and drain your bank account.
Most financial apps also have the option to require a passcode or Touch ID before gaining access, including Mint, ETrade, and most banking apps. Ensuring that this feature is enabled can make all the difference when it comes to protecting your assets.
Criminals calling for one-time PINs
Over the last five years, banks have drastically improved the ways in which they notify customers of fraudulent activity. Depending on your notification preferences, banks typically send you a text or email notification asking you to verify a large or unusual purchase.
What most banks won’t do is call you on the phone.
“Don’t trust anyone asking you for anything over the phone. You should never give your information if it is requested through a voice call, don’t pay anyone that’s calling you,” said Desai.
According to Desai, thieves have been hacking into phones and using the “I forgot my password” prompt. This sends a code to the customer’s phone. Moments later, the thief will call the phone owner, posing as a customer service representative, and ask the customer to repeat the one-time code over the phone. Just like that, the hacker now has the ability to change your password and access your personal information.
“No one will ever send you a PIN and then call and ask for it.” Desai repeated.
Purchase online, pick-up in store
Let’s say a criminal accesses your credit card number and makes some online purchases. Over time retailers have gotten more savvy with security, and it raises some red flags if a purchase is sent to a shipping address that differs from the billing address.
To get around this, thieves have started using in-store pick-up when making online or mobile purchases. In many cases, retail websites give you the option to assign an alternative person to pick up the purchased item. So, criminals can get around the issue of showing an ID.
Even worse, criminals are using the in-store option to misdirect retailers.
“Many fraudsters use the in-store pickup in conjunction with shipped orders as a way to bypass fraud screens, because merchants tend to consider orders with in-store pickup as less risky since they can check customer information at the store,” wrote payment management company CyberSource in 2013.
Accessing your cardless ATM transaction
Today, banks like Wells Fargo, JPMorgan Chase and Bank of America are experimenting with a mobile feature that allows customers to initiate an account withdrawal on their phones and then remove the cash from an ATM machine by using their digital wallet (a virtual version of your credit card) or a one-time PIN. These options mean that your debit card is not needed. Typically, there is a cap of $250 to $500 for ATM withdrawals, but this new feature often bumps the maximum withdrawal up to $3,000. This works great if you lost your debit card, but for thieves, it’s just a new way to rip you off.
Desai said that some criminals have used the convenience to extort money from families. Thieves may call a customer and claim to have someone they love held hostage. The customer is then instructed to initiate a cashless ATM withdrawal, and are forced to give the criminals the PIN over the phone. The criminals never had anyone held hostage, but now they have the PIN and your money.
In a more likely scenario, if a hacker manages to take control of your phone, they could access your banking app and initiate a cashless ATM transaction. So again, it would be wise to enable the Touch ID security feature or a complicated password to thwart access into your banking app.
“Consumers expect convenience, but it’s creating more and more holes that companies need to protect,” said Desai.
Brittany is a reporter at Yahoo Finance.