Unfortunately in today’s modern world of apps, things have changed and one needs to be even more security and privacy conscious than even 10 years ago.
It is no longer safe to use any devices for online banking that you also use for apps, since many of these apps have been found to be collecting user data, including screenshots, without proper consent and sending this data back to their own servers. For complete security in today’s world, you should own a basic second laptop or notebook which you use only for online banking and nothing else.
Standard advice on this issue of online banking security is now widely known, and usually involves the common tips of using strong passwords, having up to date antivirus, and not opening suspect emails. All of this is good advice, but is unfortunately not enough in today’s world, where big tech companies and app providers pay lip service to respecting user privacy, but all to often do not follow through on this.
In this article we want to add another layer to this issue of online security and cover some lesser reported stories of breaches of user data and privacy from apps that any user of online banking needs to know in order to make an informed decision on whether it is safe to use their devices to log into online banking.
In short, as we mentioned above, you can no longer guarantee the safety of your information when using any devices which also has apps on it, since many of them are secretly collecting user data without proper consent.
This is a situation which will almost certainly, sooner or later, erupt into a big scandal regarding the collection, loss, widespread leaking or selling of sensitive user data, including bank details, by apps without proper user consent leading to serious fraud issues.
This is why it is so important to be fully informed on what is actually happening in the modern world with devices, apps and collection of user data. Let’s look at the issue in more detail.
Some Obvious Tips For Online Banking Security
Let’s first cover some of the more obvious tips for online banking when using a laptop or other device, that you’ll find in other standard articles on this topic, plus from the banks themselves, as they are trying to help their users become more security conscious and avoid common scams and fraud.
These tips are superceded by what we are going to cover below, but are still useful things to do as secondary measures, once you are using a dedicated device for banking only that is secure.
- Make sure you are logging in on a secure connection. Do not use public Wi-Fi for online banking unless you are also using a VPN to encrypt your connection.
- Make sure your laptop or other device is installed with the latest up to date antivirus and antimalware, and run regular scans to pick up threats.
- Make sure your login/password details for online banking are long, complex and unique (not used for any other account logins). If you have a lot of accounts and password management is getting difficult, consider using a password management tool like LastPass, where you can manage all your logins with one super strong master password.
- If your online banking service allows some form of two factor authentication (ie. some second line of verification to prove a login is legitimate), then enable it. This is usually security codes which are texted to you to verify logins. Many banks now have this by default.
- Never give your login or password details to other people, especially those who phone or email you asking for them because of a “security issue” or some other excuse. Banks are very clear that they will never contact you asking for account or login details out the blue, so if someone does, it’s a scam.
- Related to this, don’t open any suspicious emails or attachments. If they’re asking for sensitive details and you don’t know them, it’s a scam.
- Be careful with emails trying to manipulate emotions, by trying to instill fear or gain trust and sympathy to get you to hand over bank details.
- But before all of this, make sure you are using a separate device only for online banking, if you use a lot of apps on your main laptop. We’ll cover this in the next section below.
The Issue of Apps Collecting User Data
This is a story I came across on the Armstrong Economics blog – an excellent resources for news on many topics you will not find reported in mainstream outlets. This particular story was not given nearly the coverage it should have been, since the implications are important for anyone that uses laptops or other portable devices for online banking.
In short, studies have found that several apps – some of them household names – have been collecting sensitive user data without user consent when device owners are using their apps (and possibly other apps and programs on a device they have been installed on)
More worryingly, sometimes they are even logging keystrokes and taking screenshots of your phone when you are using it, and sending this data back to their own servers/analysts without always properly blocking out sensitive details like card details.
Here are just some of the major companies who’ve been caught doing this with their apps:
- Air Canada
- Abercrombie & Fitch
- Singapore Airlines
This represents an unacceptable security risk, and is especially concerning given these app providers are not at making it clear, in very specific language, that this is what they are doing.
There may be some vague lip service to “collection of user data for analytics and marketing”, or some other generic wording, but they don’t specifically and clearly inform users that they are collecting screenshots and other information to track how people use their app in real time.
I suspect the reason for this sneakiness and lack of clarity is clear – if many users knew that the apps were doing this, they would not be happy about it and would stop using the app altogether.
Some apps have been found to be logging and collecting sensitive user data in real time
Moreover, if they can do this when using their own apps, they can probably also track how you use other apps in real time, including online banking apps.
Most users would probably not be happy with apps logging what they are doing in real time, especially when doing privacy sensitive things like making payments, and sending it back to their own analysts.
This is why security and privacy needs to move up another notch to be truly safe when banking or making other payments online, even from what we might have considered “safe enough” just 5 or 10 years ago.
Unfortunately, the companies themselves are not being told to stop this behavior as of yet, so users will have to be proactive on this one. Let’s look at how in the next section.
What is becoming painfully obvious is you SHOULD NOT use your phone for financial transactions — PERIOD! Additionally, get a cheap laptop and use that for any financial transactions with NO OTHER apps for movies, travel, or anything. Segregate your financial transactions from the rest of your activities.
Use a Second Laptop/Notebook For Online Banking Only
The implications of these reports for online banking security are that to be fully safe online, you cannot unfortunately rely on app providers to respect your privacy, and therefore you should not really be logging into online banking on any device where you also have a lot of apps installed.
The best solution is to purchase a cheap second laptop which you use for online banking only, and keep your app use on your primary device. This may sound like an extreme solution but is really necessary given the studies which have not come out, but which are not being widely reported on by the other tech sites.
Unfortunately, even a VPN will not protect you here, since whilst they can securely encrypt your connection and stop external hackers from snooping on your details, they cannot stop apps already installed on your device from taking screenshots and logging keystrokes.
This is a different level of security vulnerability altogether, and the only way around it is to simply use a completely separate device for online banking which does not have apps installed on it.
Here are some suggestions we make for online banking security:
- Do not log into online banking, or any other sites where you are performing very sensitive financial transactions, on devices like phones and laptops which have a lot of other apps installed on them.
- The linked article goes even further and argues you should not use your phone for any financial transactions at all, since the security risks with “snooping” and tracking are now too great.
- Another option is to purchase a cheap, basic second laptop to do all your banking/financial transactions on only, without any other apps installed on it at all. This effectively segregates your financial transactions from all your other online activity and preserves your privacy better.
- Alternatively, you could simply thoroughly delete all your apps off your main device and use it only for online banking, though this would reduce convenience for those used to using these apps.
- See here on Amazon for some budget laptops. Use the filter on the top right to sort in ascending price order from low-high if you like. Basic laptops/notebooks are available for around $100 or less.