Is doing my finances on my phone safe?

Van Living Forum

Help Support Van Living Forum:

This site may earn a commission from merchant affiliate links, including eBay, Amazon, and others.

drn127418

New member
Joined
Jan 4, 2019
Messages
2
Reaction score
0
At this point, if I can't plug my laptop into a secured internet connection I don't feel safe doing my banking. Doing my banking and paying bills over 4g or someone else's wifi network (Walmart, Home Depot, Best Buy, etc.) seems risky to me. There are APPS and websites out there that tout that you can do all you finances on your phone (Prism APP and Mint, which is run by the folks who run Turbo Tax) safely. Are these processes secure over 4g or someone elses wifi?. Would I be safe going on my phone with only a 4g signal and entering userid's and passwords for my bank, VISA accounts with other banks, the utility company, verizon, experion, amazon, car and  life insurance companies, comcast, etc? We all know that politicians listen to each others phone conversations (even though it's illegal) all the time; can everything on my phone be recorded to get my userid's passwords, account numbers and passwords?
 
Unless you want to visit a public library and use their hard wired computers (which many people do!), then you are stuck using data like many other people do.

I use a VPN to try to cover my digital tracks. You can even use TOR if you want, on Android anyway.

I have almost everything set up to pay automatically out of my bank account. I've had my credit cards hacked several times, so if I can't do PayPal or pay with an online secure wallet, I don't do business online. The worst was when my debit card got hacked and although I eventually recovered the money, I was out several thousand bucks for a few months at a time when that really pinched me, so I never, ever expose my cards online anymore.

So: VPN, autopay, digital wallets, and if you're still worried, use a library computer.

The Dire Wolfess
 
The 3 primary concerns in determining if your communication is safe between your phone and remote party is safe are; 1) connection, 2) the application initiating the transmission on your end, and the receiving company application, and 3) the operating environment on your end, assuming the company is safe.

There will always be risks, but the following should minimize them.

1) Public wifi is not safe. Every cracker wannabe is out there sniffing them. Don't use it unless you have a trusted VPN connection. Finding a trusted VPN is another story altogether. Assuming you find a trusted VPN provider finding public wifi may or may not be convenient.

Using a phone providers 4G. This is a better option as typically the only sniffing devices are law enforcement and they are not concerned about your packets from your phone to your bank, assuming you are not the target for some type of investigation.

2) You must be using a trusted app for your connection. One that is encrypting the data at the app level before it even gets onto the network. What is a trusted app? Unless you have the ability to sniff the packets yourself to test, then its best to only place trust in the major apps such as a national bank app, major retailer etc. If its a small fish company, you might consider using your bank to send payments instead of using the small companies app. This is a bit of common sense. All companies have bugs in their code, but the big ones are working harder to find and correct them. The small guys may or may not be doing as good a job. If in doubt research the company.

3) Is your phone operating environment secure? Not to open a can of worms but of the two major phone operating systems, Android and iOS, I personally only trust iOS. This is a major topic. If you are truly concerned with security I would suggest reading the iOS security white paper, and they also do some research in Android, it's vulnerabilities, fragmentation, malware and slow updates.
 
Wow Plant, great stuff. I think based on what you've said I'm doing pretty good.

The downside is I just changed from iOS to Android. And even though I'm using Android now, I agree with you that my iPhone was safer. To help I don't install apps outside Google Play or Samsung (my phone manufacture). I use Ally Bank witch provides WebRoot security software at no charge. As you said; I use the app Ally provides to interact with the bank. I also never use my debit card to do anything on line. And we keep two separate bank accounts at two different banks in case one is compromised, we have a second account to use until things are cleared up.

My understanding is; when using public WiFi you have to be careful to what network you connecting to. Plant; I'm sure you know about this and could explain it better then I.

HomeDepot
Home Depot
McDonalds
Mc Donalds
Mc Donald's
mcdonalds

If you saw these WiFi networks, which one would you connect too? There are people setting up networks along side legitimate networks to tap your data and passwords. If you asked (say at McDonalds) an employee - whats the name of your network? They'll just tell you the short answer... just look for McDonalds WiFi,,, so they can go on and wait on the next person. Like I said though, Plant could probably explain this better.
 
Plant said:
The 3 primary concerns in determining if your communication is safe between your phone and remote party is safe are; 1) connection, 2) the application initiating the transmission on your end, and the receiving company application, and 3) the operating environment on your end, assuming the company is safe.

There will always be risks, but the following should minimize them.

1) Public wifi is not safe. Every cracker wannabe is out there sniffing them.  Don't use it unless you have a trusted VPN connection. Finding a trusted VPN is another story altogether. Assuming you find a trusted VPN provider finding public wifi may or may not be convenient.

Using a phone providers 4G. This is a better option as typically the only sniffing devices are law enforcement and they are not concerned about your packets from your phone to your bank, assuming you are not the target for some type of investigation.

2) You must be using a trusted app for your connection. One that is encrypting the data at the app level before it even gets onto the network. What is a trusted app? Unless you have the ability to sniff the packets yourself to test, then its best to only place trust in the major apps such as a national bank app, major retailer etc. If its a small fish company, you might consider using your bank to send payments instead of using the small companies app.  This is a bit of common sense.  All companies have bugs in their code, but the big ones are working harder to find and correct them. The small guys may or may not be doing as good a job.  If in doubt research the company.

3) Is your phone operating environment secure? Not to open a can of worms but of the two major phone operating systems, Android and iOS, I personally only trust iOS. This is a major topic.  If you are truly concerned with security I would suggest reading the iOS security white paper, and they also do some research in Android, it's vulnerabilities, fragmentation, malware and slow updates.

Thank you so much. Great information. On another note, if I can't get a 4g signal and I sign on to a public wifi to just send a text message, is it possible that someone is digging through my phone every minute I'm signed in to that wifi?
 
broken ed said:
HomeDepot
Home Depot
McDonalds
Mc Donalds
Mc Donald's
mcdonalds

Yep, best not to connect to any of them.  I only connect to wifi if I know its origin and then only sparingly. I prefer using unlimited Verizon data, even with its limitations.
 
drn127418 said:
Thank you so much. Great information. On another note, if I can't get a 4g signal and I sign on to a public wifi to just send a text message, is it possible that someone is digging through my phone every minute I'm signed in to that wifi?

The primary problem with using random wifi is that there is no good way to know if it is truly secure. The make and model of router is unknown.  There is no telling if the firmware on it has ever been updated. It may not be setup correctly, etc. In recent years there have been many successful attacks on routers due to the vulnerabilities, lack of updates, and misconfigurations. Malicious stuff that has compromised systems that connect to them.

Computer security of any type is always involves a judgment call.  How important is the data or communication should determine the level of protection.  I take more precautions protecting bank records, tax statements, for instance than I do some music I ripped from my CD collection. The banking stuff remains on my encrypted MacBook and goes to encrypted backups. I use my MacBook or iPhone via my own wifi router or Verizon LTE to connect to the banks via apps I know are not comprised.  The music, I'll dump up to OneDrive without hesitation. 

If your texting does not require high security, and your device is not compromised, and you are connecting to a legitimate public wifi, you should be ok.  If your texting is of the nature that needs to be protected, make sure to use a secure texting app, on a device and network you trust.
 
why would you even think about putting a banking password over a mac-anybody's wi fi ? use your bank's app and a leading phone suppler meaning like Verizon, not the crazy guy down the street with a low rent store front.
 
[quote pid='431342' dateline='1546619309']
Unless you want to visit a public library and use their hard wired computers (which many people do!), then you are stuck using data like many other people do.

I use a VPN to try to cover my digital tracks.  You can even use TOR if you want, on Android anyway....  


So:  VPN, autopay, digital wallets, and if you're still worried, use a library computer.

[/quote]


Thanks for the point about auto-pay, I would  never have thought of that!!  :shy: 

Also, I was curious about the wired computers of libraries.  Are they considered safe? Can they or someone else get into our info (*more* that a regular home-based computer)?  Can we wipe our history on a library computer?

Thanks again for the informative reply!
 
drn127418 said:
At this point, if I can't plug my laptop into a secured internet connection I don't feel safe doing my banking. Doing my banking and paying bills over 4g or someone else's wifi network (Walmart, Home Depot, Best Buy, etc.) seems risky to me. There are APPS and websites out there that tout that you can do all you finances on your phone (Prism APP and Mint, which is run by the folks who run Turbo Tax) safely. Are these processes secure over 4g or someone elses wifi?. Would I be safe going on my phone with only a 4g signal and entering userid's and passwords for my bank, VISA accounts with other banks, the utility company, verizon, experion, amazon, car and  life insurance companies, comcast, etc? We all know that politicians listen to each others phone conversations (even though it's illegal) all the time; can everything on my phone be recorded to get my userid's passwords, account numbers and passwords?

I was told by the people at my bank that using their app on my cell phone is more secure than using a browser to visit their website on my laptop.

I stopped worrying.

I suggest you have a chat with your bank.
 
I use a VPN, Private Internet Access. They have an app for your phone. That way everything your do
is through the VPN. I think I paid $2.33 a month by buying multiple months.

My computer guru son uses this one and I trust him implicitly.
Ted
 
If you are using the bank’s app, then you are probably ok, but should ask the bank about it. If you are using a browser and the web site starts with ‘https:\\’ and not ‘http:\\’, then you are using secured sockets which provides end to end security including encryption.  It’s been a while since I checked it, but I believe that secured sockets also provides ‘man in the middle’ protection. 

In 2015 there a replacement (really an evolution) for SSL (secured sockets) called Transport Layer Security (TLS) which dropped many of the older encryption algorithms and is now the favored layer for internet network security. From what I understand most implementations of TLS are backward compatible with SSL so that institutions can convert to TLS without impacting their SSL clients.  Overtime as apps upgrade to systems using TLS then the network communication would automatically be using TLS. 

Myself, I’m not too worried about doing banking over the internet using my cell phone hotspot since the end to end communication is using secured sockets (SSL) over a ‘https:\\’ web page.
 
Because Verizon has made changes my older model iphone will soon no longer work on any of the cell phone networks. I has now become the device I use if I want to go to a library and do a bit of browsing. But I don't use it for any websites where enter any passwords or accounts of any consequence related to financial or other private information where a hacker could take over my life.

I also have an older tablet I use for the same type of browsing on a public wifi network. My best tablet is connected via my Verizon phone account, I can use it for business stuff or when I want to download e-books from my public library account or google play, Amazon, etc. Accounts that I don't want a hacker to get access to.
 
Be aware of this scam: (my sister works at a bank)

Someone calls from your bank (spoofing the number of course). Needs you to verify your security questions to proceed. You give the answers... and then suddenly *poof!* you get disconnected!

This scam caller then knows your security questions and changes them... and liquidates your account.

You go to the bank.... and it was "you" who took the money out. :/

Do your banking IN PERSON with PHOTO ID.
 
I won't use a phone other than use its' hotspot feature to use my computer for banking and paying bills.

Scammers are everywhere, you just have to use some common sense when called or an email.
 
Moxadox said:
Unless you want to visit a public library and use their hard wired computers (which many people do!), then you are stuck using data like many other people do.

I use a VPN to try to cover my digital tracks.  You can even use TOR if you want, on Android anyway. 

I have almost everything set up to pay automatically out of my bank account.  I've had my credit cards hacked several times, so if I can't do PayPal or pay with an online secure wallet, I don't do business online.  The worst was when my debit card got hacked and although I eventually recovered the money, I was out several thousand bucks for a few months at a time when that really pinched me, so I never, ever expose my cards online anymore.

So:  VPN, autopay, digital wallets, and if you're still worried, use a library computer.

The Dire Wolfess
Public use computers....You don't know what kind of key logging malware might have been put on them or who is watching over your shoulder.

I do my banking on my cell phone. I make sure that wifi is turned off when I do anything that requires security.  I never store passwords for any type of financial transaction websites on my devices. I do not use the same passwords for those sites that I might use to log in to something such as forums. It is nice to have a fingerprint ID login phone for such things for the convenience and security. 

Here is some basic advice regarding using public access computers and public wifi connections. There are a lot of websites that offer good security advice.
https://www.getsafeonline.org/protecting-yourself/using-public-computers/
 
If you notice at the top of a browser when you are logged into whatever institution that there is a lock. That means the data between you and the institution is encrypted. That being said, I don't use any open hotspots (McD, Starsux, etc) as someone in there can become a man in the middle. This is the reason I use the hotspot on my phone or jetpack and do banking, bill pay with a computer. I hate the small phone screens for doing anything serious. Auto pay is the way to go in my book. I still login for those pesky credit cards that the balances waver on.
 
HotSpringsCyclist said:
Be aware of this scam:  (my sister works at a bank)

Someone calls from your bank (spoofing the number of course).  Needs you to verify your security questions to proceed.  You give the answers... and then suddenly *poof!* you get disconnected!

This scam caller then knows your security questions and changes them... and liquidates your account.

You go to the bank.... and it was "you" who took the money out.  :/

Do your banking IN PERSON with PHOTO ID.

NO legitimate financial institution will ever call you to verify your password or security questions. NEVER give this info to anyone who calls you. If you ever receive a call like this, tell whoever is on the line that they are a scum-eating fraud and hang up.
 

Latest posts

Top