How Secure Are Your Financial Apps?

In a world where there is an app for everything, finance has recently become the latest area where apps are now the norm for personal management.

However, the safety of these has recently been called into question.

Read on for the dangers to app security and how you can protect yourself from being hacked.

Hacking is on the rise

As more and more of our modern economy is moved online, the scope for hacking is growing.

In the last few years, some huge data leaks have included Target, Ashley Madison, and Sony.

Luckily, these were limited to personal information, and so the damage was contained.

The silver lining for finance is that only around 1 in 10 data breaches tracked in the United States by the renowned Identify Theft Resources Center were related to banking.

The rest were mainly shopping, gaming, and social platforms.

 But 1 in 10 incidents still means millions of people being in danger of having personal data taken.

And so it’s important to be aware of the dangers that come with online banking.

The number of people using financial websites and apps for management rather than going into their bank or calling them up grows by about 50% each year.

There is an app or website for everything now, and with it, a new opportunity for hackers with ill intentions.

Kennet Westby is the president of Coalfire, a cybersecurity firm that is based in Colorado and has various high-profile financial clients.

He says that whilst there are obvious benefits to consolidating information into programs, there are also inherent risks.

Keeping all your eggs in one basket means that if someone gets hold of those eggs, they’ve got everything.

Thankfully, banks have a lot of money to spend on security and can do everything possible to maintain safety for information and money.

 We’ve all experienced the stifling bureaucracy of certain online banking formats and trying to make a payment abroad.

A little annoying, but comforting that all this effort is being made to make sure no one is taking our money or information.

According to some reports, Bank of America is going to spend $400 million on security this year.

In the next five years, Cybersecurity Ventures, a market research firm, predicts a total $1 trillion spend on the area.

Another estimate, this time closer to 2016, is illustrated below.

But no matter how much you spend, you are still vulnerable.

 For example, one of the biggest investment banks in the world, JPMorgan Chase, was a target of a huge data breach.

Names, personal info, emails and phone numbers were stolen from 83 million of its customers.

Since then, JPMorgan Chase has doubled their cyber security spending, from $250 to $500 million.

And this is not even mentioning small start-up companies that have smaller or minimal security budgets.

Understandable, since starting a business is difficult and any requirements for a minimum spend on security would choke the emerging market and create monopolies of the biggest banks.

 In fact, heavy regulation already does this: only the biggest investment banks can afford it.

In 2010, there was the Blippy incident.

It was a promising start-up that focused on sharing people’s spending activities in a very similar format to Twitter.

But it turned out that a few customers’ data had been allowed to be indexed by Google and thus were available to the public.

While it was a small incident, it called into question the whole start-up’s operations and the nature of the company itself.

It closed down one year later, despite the best defense the CEO could come up with.

Before this, it had received around $1.6 million in investment from various venture capital firms and individual venture capitalists.

Westby believes that we should continue using financial applications and financial sites, but that we need more awareness of the nature of the sites we’re using and how information we are sharing is stored and used.

Always read that fine print

It’s that common scenario.

You’re signing up to a website and, come the moment to finalize the process, you are presented with a mammoth thesis on the terms and conditions and asked to accept or decline those conditions.

Of course, you don’t read it, who has time!

However, this is all well and good for non-financial websites (at least from our point of view, a purist would argue you should always read it no matter the type of website), but with banking, it is much more important.

Read the disclosures on security and privacy of your company.

These are normally quite easy to find, and will be located on the website itself.

Get a good sense of how they manage data and security.

Of course, if the company has a dedicated customer service department, you could ask them these questions directly.

But the small print has the answers anyway.

You want to get a general picture of how well-equipped they are to prevent breaches of data or deal with those breaches should they occur.

Next, you want to see their security certifications.

The PCI certification is standard for payment card companies.

Look for one given by a qualified security accessor.

And make sure it was done under the PCI Security Standard Council program.

Other institutions might be certified and audited by the FFEIC.

Another significant standards agency is the TRUSTe Privacy Seal Program, through whom Mint is certified.  

The company’s programs dedicated to security and privacy should also get validated by a third party.

This could be done by the four big accounting firms which are:

• KPMG
• Deloitte
• PWC
• Ernst & Young

But other, smaller more specialized companies, or larger communications giants, can also do this: examples of these include Trustwave, Verizon, and Coalfire.

The company’s assurances are not enough.

Accept that long and tedious means secure

Companies that have proper security measures will be those encrypting your data.

This means converting it all into code that’s difficult to decipher as opposed to just storing it as it is.

This goes a long way to protecting it as even if their servers and databases are hacked, all they will find is a bunch of jumbled code.

However, many experts believe companies should go even further.

 Two-factor authentication is fast becoming the norm, even though it is annoying for customers at times.

Adam Levin is founder and chairman of IDT911, a security solutions company based in Montreal.

He argues this is completely necessary in this day and age in his book ‘Swiped.’

An authentication system such as this is one that asks you a series of questions when you are using a device it doesn’t recognize: say, when you log in from your friend’s phone or your laptop for the first time.

It will then send a verification code to something it trusts, like your mobile phone or the initial email you used to set up the service.

We’ve all encountered this, and while it might be frustrating at first, it is incredibly important.

Many companies still don’t do this because of this customer service factor, but in time it will probably become law.

Get protected

Because of the massive amount of money spent on security by companies, the easiest way for criminals to hack customers is to obtain information from them directly.

Phishing is the most common, and you’ve probably seen it before.

An email seems like one from a bank, asks you to click on a link and enter your details.

Once you’ve done that, BOOM!

They have you. Always be wary.

Your bank will normally have some information on their website saying they will never, for example:

• Email you asking for information
• Ask you for money
• Ask you to update details over the phone or via email

So you can know that if any of these pop up it’s a hacker or scammer.

A useful tool is having different passwords for all your different accounts.

That way if, God forbid, one is taken by hackers, the others are still protected. 

Be careful in public

This means Wi-Fi in airports, cafes, or public buildings.

These are much easier to hack than your home Wi-Fi, and thus, users on them provide easy targets.

If you go to a financial site, you are risking hackers seeing everything you are doing.

Here, Kaspersky gives tips on avoiding the dangers.

This is an area where concern needs to be elevated, as the pie chart below shows current awareness levels are low.

Keep your systems updated

Downloading a new version of the software you are using, whether its Windows on your laptop or Android or IOS on your phone, also adds new up-to-date security features.

At the end of the day, financial apps are useful and will become ever more part of our lives as stuff goes online.

But be wary and follow the advice in this article to make sure you don’t fall victim to the tricks of the hackers.