Smart phones and not feeling comfy with apps & getting banking apps

35har1old

tacpot12 said:

One thing I have become aware of recently relating to iPhones is that owners are being targeted by theives who try to look over your shoulder as you unlock your iPhone. If you are set-up to use a PIN to unlock your iPhone they will memorise the PIN, and then grab your phone, if you unlock it with a fingerprint they will just grab the phone and run off with it and hope they don't accidentally hit the power button as they grab it.  

As soon as they are out of sight, they change the password on your Apple ID account. This locks you out of the account. They then turn off the Find my phone feature, which you cannot activate because you are locked out of your Apple ID.

Then they use any apps that don't have PIN numbers, such as Amazon, to order stuff using your stored cards. Amazon app allows them to enter a new deliverry address. 

They also use the in-built password store to access websites, which might include online banking websites, and in some cases have emptied bank accounts of thousands of pounds.

As part of me reviewing my security on my phone, I have installed a different Two-Factor Authenticator. I was using the Google Authenticator, but this is unlocked if you have a PIN number to unlock your iPhone. I am using "2FAS Auth" as my auhenticaor now as this generates all the same codes using the same algorithm as the Google & Microsoft Authenticators, but allows you to set a unique PIN like on a banking app, and only that PIP will unlock it. It also allows you to backup your 2FA tokens so that you can restore them if your phone is stolen. I have backed them up to dropbox, and then deleted the Dropbox app from my phone. I will reinstall the app if I add another 2FA token and will re-backup the tokens. 

The solutions are: 

1. Be vigilant when using your phone in public. 
2. Don't let anyone see you enter your iPhone pin number
3. Delete any passwords that are stored on iPhone for use in web browsers 
4. Stop using any Apps that are unlocked if your iPhone is unlocked. I think Apple Pay may be one of these. I don't use it, so I can't be sure. Amazon is another app that is unlocked if the iPhone is unlocked.
5. If you go to pubs and clubs, consider getting a second phone that just has a few essential contact numbers, and perhaps apps for the taxi firms you use, and only take that phone with you on nights out.    

I am still happy to use banking apps on my iPhone because these are protected by a seperate PIN. 

Also reduce the amount of time the phone remains active when not being used.

MMags22

I have recently started using the First Direct Banking App (was a requirement for getting my £175 switching reward.)  I am also a long term Online PC banking user and previously have avoided Apps as I perceive them as an increased risk.
  (Of course the Banks say they're safe. All banking is declared safe - which is why there's never, ever, been a problem!  LOL!)
-  Obtained an old(ish) phone specifically for the App for £30, never to be taken out of the house or used for general browsing or other less secure Apps.  Apples do not meet my financial principles, so am totally Android on mobile. Don't need a card for the special phone - can receive the occasionally required Texts on another phone.
-  Really good to be able to upload cheques without either sending them off into the postal system (and where it seems the possibility of loss is never mentioned) or struggling with mobility accessing town centre banks.  There are problems, however if the scan isn't good enough.  Beyond First Direct's capabilities to warn you or explain via in-App - good thing they are very good at answering the phone - but you're then left with the old methods. 
-  We have one problem with many Banking systems as we don't have a mobile signal at home. Have to use WiFi calling - currently 1p mobile and SPSU - for Text over Wifi.  

Undervalued

chrisw said:

Banking apps on an iPhone are extremely secure, probably a lot more so than using a web browser.

They also tend to be cut down versions of the web accounts and are, in my opinion, much easier to use. 

The biggest risks are the human element - phishing, texts, etc, so as long as you're clued up on these, any security risks will be minimal.

Indeed.

Several years ago when a friend was a victim of identity fraud (bank account opened in their name by a fraudster then used for expensive mobile phone contract) both of their banks' fraud departments strongly advised them to use their phone apps rather than a web browser. It takes one variable out of the equation and ensures that you are using an app they the bank has provided, which will only run on an operating system they are happy with. 

ih8stress

I am a newbie smartphone user too and am more confident with computers (though not entirely, as many on this board will testify   )

One thing that I would suggest, and that does not seem to have been highlighted, is to use a DIFFERENT phone for Two-Factor Authenticator (2FA) text messages if possible.