One should do simple things like downloading from right sites and avoid staying logged on.
Technology has been making banking instant and convenient.
To make it even more user-friendly, many banks have recently offering fund transfers to customers’ contacts in social media.
Last week, Axis Bank launched PingPay, a multi-social payment app that allows customers to send money to their contacts across Facebook, Whatsapp, Twitter, SMS or e-mail.
Kotak Mahindra Bank and ICICI Bank, too, offer similar services through Kaypay and Pockets, respectively.
According to security experts, as usage of mobile apps pick up, so will the threat of malicious apps and cyber crime.
In April, the Reserve Bank of India had to issue a warning about a mobile application doing the rounds on WhatsApp.
Bearing the RBI logo, the app said users could check the balance in multiple bank accounts through this single piece of software.
“As of today, mobile apps are safer than net banking services offered on desktop/laptops. It’s not because the apps are more secure.
“Rather, it’s because hackers and cyber criminals have still not turned their attention to mobile aggressively,” says Sanjay Katkar, chief technology officer and co-founder, Quick Heal Technologies.
He explains that the mobile apps are not yet the prime focus because the population of people banking through mobile compared to net banking is minuscule.
According to RBI records, of the 589 million bank account holders, 22 million customers use mobile banking apps.
While banks have made their apps secure and also use two-way authentication to avoid fraudulent transactions, experts say a majority of the security breach is about data, which is beyond the control of banks.
Cyber criminals plant malicious apps when users download from unverified source -- other than Google Play or Apple App Store -- or when existing apps in their smart phone take them to a third-party website.
“The malicious apps can take screen shots and also record keys that users enter.
“They also exploit vulnerabilities in the banking apps,” says Katkar.
The data can later be used to set traps and steal money.
According to the Quick Heal Quarterly Threat Report for the first quarter of 2015, the last few months have seen an exponential growth in the incidents of malware attacks on Android mobile banking apps.
The Android.Wroba.A malware, known as a banking Trojan, looks like a trustworthy app, but is created specifically to steal financial and personal information such as credit card details, online banking login credentials, personal information and more.
To ensure that you do not become prey, first and foremost avoid downloading apps from unofficial websites.
“Users should stick to Google Play Store and Apple App Store as they are constantly vetted for malicious apps,” says Deepak Sharma, executive vice-president (digital initiatives) at Kotak Mahindra Bank.
“He advises users to check the publisher of the software and avoid apps that are recently launched and have few users.
While it is not possible to get bank account-related data if a cyber criminal hacks into your social media account, experts said that users need to keep the access secure. Majority of the people don’t log out of their social media accounts once their session is over. To ensure safety, don’t remain signed in.
Jairam Sridharan, head, retail lending & payments at Axis Bank, says the device itself needs to be secure by a password to avoid unauthorised access.
To ensure the existing apps don’t lead you to third-party websites that install malicious software, a security software is a must on smart phones.