The safety features of mobile banking apps and the authentication protocols mean that banking via mobile is usually very safe.
Similarly, the security features banks use in their online banking websites are designed to protect customers.
Anyone using mobile or online banking should follow basic security principles and ensure they utilise all the security measures available to them.
Is mobile banking safe?
Mobile banking apps allow customers to access everyday banking activities through their smartphone.
Banking apps are available across all major and challenger banks, although mobile only banks like Monzo and Starling Bank only offer digital banking and do not have a network of branches.
The official mobile apps offered by UK banks are usually as secure as it's possible to make them, including features like:
- Advanced security systems to monitor accounts
- Security technology built into the app
- Remote blocking features in case a phone is lost or stolen
- Real-time transaction notifications
- Warnings about transfers and payments
The ways customers can access their mobile banking app will also rely on extra security steps such as:
- Fingerprint ID
- Face ID
- Passcodes or passwords
Wherever possible, customers are advised to use methods to access their mobile banking apps that only they could use such as fingerprint or facial recognition.
As we explore later in this guide, there are risks to mobile banking, yet many of them can be mitigated by taking precautions and don't necessarily make mobile banking more dangerous than online or in-person banking.
Are other financial apps safe?
Some providers calling themselves mobile banks may not be fully regulated and money held with them may not be protected under the Financial Services Compensation Scheme (FSCS).
In addition, money management apps like Plum, Emma and Cleo draw information from multiple financial accounts (with our permission) and use apps that draw on features of official mobile banking apps such as saving spaces but are not delivered by our banks.
However, this doesn't mean that the apps themselves are insecure or do not have high levels of security built into them.
To take Plum as an example, they state on their website that they incorporate advanced security as standard plus:
- They never store or have access to customers' bank login details
- They only receive read-only access to user transaction data
- They use symmetric cryptography (AES) to store sensitive data
- They use advanced password algorithms and 256-bit TLS encryption to communicate with their servers
While this is just one example, customers should check the security features used by any third-party app they intend to use alongside their official mobile banking app.
Risks mainly come from choosing an app that is not regulated or mistakenly installing a spoofed app - we'll look at those dangers in the risks section below.
For more about the differences between a regulated bank and a non-regulated one, read our comparison of Monzo and Monese.
Is online banking safe?
Online banking remains one of the most popular ways to undertake everyday banking activities, as the Financial Conduct Authority (FCA) explored in their 2020 Financial Lives research, with 74% of adults using it within the previous 12 months.
The difference between online banking and mobile banking is that online banking is accessed through a browser rather than an app. Although this could be a browser on a smartphone, it's still a browser and not a dedicated app for mobile banking.
As with mobile apps, banks and other financial providers have invested money in protecting customers who choose to bank online.
Common security measures include:
- Secure encryption
- Multiple steps to login
- Timed logout
- Card readers
- Warnings about transfers and payments
Card readers are a key method used by banks to ensure that the person trying to login to the account is the authorised person. These readers are small devices that generate a code that is then entered on the bank's website and, although there have been issues in the past, they generally work well.
Some customers will receive SMS messages with a code rather than using a card reader when trying to login - this follows the same principle of using a device that only the authorised account holder should have access to.
Accounts will also require passwords and PINs to log in via their websites.
What are the risks of mobile banking?
Mobile banking is targeted by fraudsters in the same way that other forms of banking are - although the methods used may be different.
We've already discussed the steps banks take to secure their mobile banking apps. Those are largely out of our control and the most we can do is to listen to banks when they issue warnings suggesting security has been compromised in any way or when other companies we use warn of data thefts.
However, there are other common risk factors for mobile banking apps that customers can act to prevent:
- Downloading fake banking apps
- Fraudsters gaining access after learning login details
- Insecure wi-fi
- Loss or theft of phone
- Fraudsters using phone calls to persuade customers to reveal details
- People viewing secure details over a shoulder or via CCTV
These risks can be mitigated by customers being safety conscious and acting to limit the possibility of fraudulent activity on their accounts as we explore below.
Is mobile banking safer than online banking?
Although both mobile and online banking have associated risks, mobile banking is often accepted to be more secure, and its security protocols are more convenient than those offered by online banking.
Mobile phones that are kept updated and protected are a great tool against the type of security risks that may affect our mobile banking apps, especially if we use Face ID and other biometric recognition to secure our devices on a day-to-day basis.
Opponents of mobile banking point to the fact that a smartphone is more easily lost than a computer, yet supporters argue that the extra biometric measures on smartphones mean the apps cannot be accessed even if the phone is stolen.
It's now required for banks to use multiple methods of verification when their customers are logging in, whether that's via an app or through online banking.
A mobile banking app with access authorised by facial identification or fingerprint recognition fulfils the criteria of being something you have (phone) with something that you are (face or fingerprint).
Meanwhile, online banking can be fiddlier with customers often needing their computer and password details as well as either a card reader or a phone to generate a login code.
These are secure procedures, yet the need for multiple pieces of technology (computer and phone, computer and card reader) means it's possible logging in could be more difficult.
Is it safer to bank in-person than on mobile?
The most popular method of undertaking everyday banking activities in 2020 was via ATM according to the FCA. 84% of people used that method, a figure consistent with their 2017 research too.
However, at the same time, the number of people who used in-branch services for their banking dropped from 63% in 2017 to 50% in 2020.
As with other forms of banking, efforts have been made to reduce the amount of fraud perpetrated in bank branches, with the Banking Protocol enabling staff to alert police if they suspect a fraud attempt.
Yet bank branches closing in their thousands, meaning even customers who want to bank via a branch are finding it more difficult to do so.
Bank argue that more customers are turning to digital banking and using branches less, as the FCA data indicates, however some customers are being forced away from branch banking because of the closure programmes.
In addition, as we explore in our guide to debit and credit card fraud, there are other dangers to be aware of when using ATMs and banking in person.
How to ensure your banking app is safe
Customers using mobile banking apps can improve their security by considering the following questions:
- Is the app genuine? Some scammers target mobile banking customers by making fake apps seem legitimate. Always follow links for downloads from your official bank's website and pay attention to their security warnings.
- Have you downloaded any additional security software recommend by your bank? If this is verified security software, it can be an extra layer of protection.
- Have you enabled the most secure forms of security? Biometric protection gives our banking apps an extra layer of security, so make sure they're turned on.
- Are you accessing the app through secure wi-fi? Don't use insecure wi-fi to undertake transactions or check banking apps in case details are intercepted.
- Are you mindful of your surroundings? Just as fraudsters can stand behind us at a cash machine and view our PIN, people can peer over our shoulders and see our passcodes (if we use them).
- Have you checked your mobile device settings to make sure it's secure? It's important to have a layer of biometric protection on the device itself as well as the banking app - two layers of protection before assessing the app is better than one.
Anything that is authorised by a bank themselves should be safe to use, but it's important for customers to understand how something works and to make their own judgement on its safety.
Following basic security principles should help keep a smartphone banking app safe, although customers should remember that the app itself is just one part of the puzzle.
Strong passwords, regular checking of accounts and a general wariness of revealing anything to anyone else are vital elements of keeping all aspects of personal banking secure.
What happens if mobile banking goes down?
One concern that customers have about using mobile and online banking is what happens if the service suffers an outage.
TSB also suffered a catastrophic failure in 2018 that occurred because the bank's IT provider implemented a new system without fully testing it in a live environment.
It's rare that a bank will suffer a complete outage of their digital services, and we're more likely to see warnings from banks that there are intermittent outages or some customers are experiencing problems.
Unfortunately, there's no guarantee that an outage affecting mobile or online banking will not also extend to a bank's other systems such as their telephone banking services.
This may mean that our ability to make payments and access cash are affected, whether we use mobile/online banking or not.
In such cases, we should:
- Try and contact our bank and look out for official information from their websites or social media accounts about what is going on
- Keep track of how the outage has affected us and our budget including receipts and any fees or charges from being unable to transfer money between accounts or make payments
- Monitor our credit score to see if any issues have a knock-on effect
- Escalate complaints to the Financial Ombudsman Service (FOS) if the bank is unhelpful
Ultimately, modern banking is powered by IT, and we can see issues occurring no matter what method we use to fulfil our banking.
Yet it's important for us to remain vigilant when we're undertaking anything financial and be aware of the methods scammers may use to take advantage of us.
In the case of banking outages, for example, we might see fraudsters encourage customers to hand over their banking details to help them regain access to their account.
We explain more about how to avoid such scams in our guide to online scams or read more about keeping your personal details safe on social media.
Summary: Secure way to bank
Mobile banking apps allow us easier access to our money and our transactions than ever before.
For many people looking to switch their current account provider, whether their new bank has a good mobile banking app with useful features is often a key consideration.
We've come a long way since 2014 when a spate of fake SSL certificates compromised the safety of banking apps. Providers have upped their game and the growth of banks and providers like Monzo and Starling who are digital first has led to mainstream providers like HSBC upping their game.
Thanks to the security features embedded in our banking apps and the multiple layers of authentication we must go through to log into them, it's very difficult for other people to take control of them - and even if we lose our phone, no one else can access the apps due to the banks' security measures.
The FCA found that 58% of people were using mobile banking apps in 2020, up from the 41% seen three years earlier.
Banks understand that they need to keep their customers safe and all details secure, but their security can only work as well as we allow it to.
- Download official versions of banking apps
- Only use third-party money management apps that are trustworthy and regulated
- Follow all security steps advised by your bank including downloading updates
- Don't give your mobile or online banking login details to anyone else
- To enable real-time notifications to keep track of spending on your account
The convenience of mobile banking means we can keep a close eye on our banking, even freezing our cards or blocking certain types of spending if we want to.
As long as we continue to keep security at the forefront of our minds, there's no reason why we can't enjoy safe mobile and online banking, no matter which bank we choose.