Safest Way to Bank Online? Your Cell Phone

Android Danger

Mobile banking services offer convenience and better security, for now. But that may change. Google is hard at work on its Android phone OS, and iPhones make their way into more and more pockets and purses daily. So while phone OS consolidation holds great promise for better apps and services, it could also make phones more of a target.

Look no further than the Mac for an example of what may come. Apple's OS is still largely ignored by the bad guys, but its growing popularity means that it's no longer a haven of guaranteed security. Last November, Sophos notes in its report, a Mac user who happened across the wrong Web site risked getting infected by the OSX/RSPlug malware, which sought to subvert Mac network settings and to force any browser used on that Mac toward phishing and ad sites.

Not Out of the Woods Just Yet

The fact that little mobile malware exists does not mean that cell phones are completely safe, of course. Banking and payment systems require passwords and/or PINs, so someone can't just pick up your phone and start transferring money out of your account. But there's still plenty of personal information that someone could obtain through your phone.

Phishing--the other big threat to online financial security--may be even more dangerous for phones than for computers. If you read e-mail on a smart phone, you'll see phishing messages. And whereas on the desktop both Internet Explorer and Firefox employ built-in antiphishing protections, mobile browsers do not.

"You don't have all the antiphishing toolbars" for a mobile browser, says Dave Jevans, chairman of the Anti-Phishing Working Group. Also, some rare attacks twist the traditional phishing message to target mobile phones. Dubbed "smishing" or "vishing" for their use of SMS messages or VoIP systems, such scams may send a phone a text message containing a warning about a credit card account. If you call the number included in the message, an automated VoIP system prompts you to enter your credit card number, for example.

If mobile banking and personal payments catch on, phone-specific risks with malware and phishing may go up as well. "The expectation is that we will see more malicious applications on devices," says Samir Kumar, group product planner for mobile communications business with Microsoft. But for now, he says, the greatest danger arises when phones are lost or stolen.

Phone safety measures, such as locking the device, remain paramount today, especially if you engage in mobile banking, says Kumar. Another tip: Secure your phone's Bluetooth connection by limiting it to known devices.
