Russians were given five steps to improve the security of banking applications
Any user can independently improve the security of their banking application, the Roskachestvo Center for Digital Expertise said. Experts gave advice on how to do this without having complex technical knowledge.
1. Enable two-factor authentication
Most often, attackers gain access to mobile banking through social engineering: users themselves, often unknowingly, hand over their usernames and passwords. However, two-factor authentication (2FA) creates an insurmountable barrier against cyber attacks. Its principle is simple: logging in requires two things, your password and a phone that receives a one-time code by SMS or push notification.
Enabling 2FA (mandatory in many online banks) blocks more than 99.9% of automated attacks on accounts. Even if a fraudster somehow obtains the login details for a mobile banking app, they will be powerless without physical access to the device.
2. Set up biometric access
Most modern banking applications support fingerprint or facial recognition login. This is not only convenient, but also as safe as possible.
Unlike a password, which can be given to a fraudster, biometric data (fingerprints or Face ID) is unique. According to some reports, the probability of two fingerprints matching is about 1 in 64 billion, meaning it's almost impossible to fake them. All biometric data is stored in encrypted form and is never transferred to the bank or cloud servers.
3. Enable notifications about any transactions
Imagine that you have a personal financial security guard who immediately reports to you on every movement in the account. This is exactly the function that push notifications perform. You can set them up (almost always for free) for any account operations: logging in to the app, transfers, and purchases. This way you can instantly respond to suspicious activity and block the card or contact the bank before the fraudster has time to withdraw funds.
After the sanctions were imposed, some banking applications stopped sending push notifications to iPhone owners. For example, it is currently impossible to restore push notifications from Alfa-Bank's mobile banking app. The only alternative left for Apple smartphone users is to enable SMS notifications.
"Regularly checking financial transaction notifications is the most reliable habit to protect money, even if the password is compromised. Careful monitoring of SMS, push notifications and emails allows you to quickly notice suspicious transactions and prevent losses by blocking the card or contacting the bank. This practice, combined with two-factor authentication and strong passwords, significantly increases the security of funds, allowing timely response to threats," said Olga Vyalshina, head of the Roskachestvo Center for Financial Expertise.
4. Set limits on transactions
If you don't make large transfers on a daily basis, why leave such an opportunity to potential attackers? Set a daily or per-transaction limit in the application settings. If the account is compromised, this will minimize financial losses by capping the amount that a fraudster can steal in one transaction or during the day.
This measure is especially critical on the smartphones of elderly users, who are just learning mobile banking and can become an easy target for scammers using social engineering.
5. Do not install programs for remote access and computer management
Programs such as TeamViewer or AnyDesk, which are designed to remotely control a computer or smartphone, are still a favorite tool of cybercriminals. Attackers, under various pretexts (for example, under the guise of technical support from a bank or telecom operator), can convince you to install such an application and provide them with an access code.
Once they have control of your device, they get a full visual overview of all your actions, including entering passwords and SMS codes, and will be able to directly make transactions on your behalf.
Important: no bank employee will ever ask a customer to install remote access software.
What else do banks offer for the digital security of users?
- Sberbank offers its customers a free caller ID service. It detects or blocks fraudulent and spam calls, both by phone and in messengers. The bank also lets you close access to accounts and deposits: even if scammers get your password, the deposits and accounts will be inaccessible in online banking and at ATMs. The service also shows which devices were used to log into the mobile application.
- At Alfa-Bank, you can enable mandatory confirmation of transactions with a secret code in the application. The secret code can be of three types: numeric, alphanumeric and graphic. When someone logs in from a new device or browser, the service sends an alert to all linked mobile devices.
- In the T-Bank application, you can prohibit cash withdrawals, meaning no money can be withdrawn from an ATM. When you need the money, you can quickly turn the function back on from the same screen. You can also ban yourself from paying with a card. In addition, T-Bank can request identity confirmation via a selfie in case of an unusual transfer. The system analyzes a live face and rejects fake photos or videos.
"Every modern banking application has these settings. Their activation takes no more than 10-15 minutes, but at the same time significantly increases the level of security. This is the easiest and most effective way to protect your finances from most types of fraud. Remember, your financial security is in your hands. Check your settings regularly and be vigilant," added Sergey Kuzmenko, head of the Roskachestvo Digital Expertise Center.
Earlier that day, the Ministry of Internal Affairs of the Russian Federation reported that fraudsters had begun sending messenger users video files that install a program on the phone for remote access to the victim's online banking application.