Businessman using smartphone © Image Source, Image Source, Getty Images

Related topics: banking, financial privacy, cell phones, fraud, identity theft

My bank makes it easy to check account balances, pay bills and transfer money using a smart phone. And I do all those things, although I'm not sure I should.

My doubts only deepened after I talked with Avivah Litan, a security expert at consulting firm Gartner Research. Banks are still feeling their way when dealing with mobile technology, she told me.

"A lot of banks are working out what their security guidelines should be and what they should allow," Litan said.

In their eagerness to keep up with new technologies, banks sometimes stumble. That became apparent late last year, when several major banks, including Wells Fargo, Bank of America and USAA, had to rush to fix flaws in their iPhone and Android apps. Research company viaForensics found that the programs were storing sensitive information, such as user names and passwords -- sometimes in plain text. Although the banks said no one's information had actually been stolen, the data could have been easy pickings for thieves.

The situation with mobile banking is somewhat analogous to that of debit card fraud about a decade ago -- security procedures haven't yet caught up with the risks. After credit card fraud spiked in the 1990s, banks invested in software and other tools to sniff out potentially bogus transactions, which led to dramatic declines in such fraud. But crooks then switched to easier targets: debit cards. It took banks a while to ramp up technology for thwarting the bad guys.

Liz Weston

Liz Weston

Similarly, banks are quite good at detecting nonmobile online fraud. For instance, when you log on to your bank's website from your home computer, the bank's software makes sure it recognizes the machine being used. It also checks that your transaction fits in with your normal banking patterns -- and raises a red flag at unusual activity. The technology for authenticating mobile banking requests isn't as robust, Litan said.

In fact, Litan said, we users should be concerned if our bank allows us to do too much with our cell phones right now. High-risk transactions -- such as adding a new payee to our bill payment system or transferring money to a new outside account -- may be more than our banks' security systems can handle.

Security concerns won't keep mobile banking from growing, of course. Just over 13% of U.S. households accessed their bank accounts from a mobile device in the fourth quarter of 2010, up from 11.6% in the first quarter, according to ratings firm Nielsen.

One in five adults will use mobile banking services by 2015, predicts Forrester Research.

But in this case, it may pay to be a late adopter and let the banks perfect their security processes before you jump on the bandwagon.

Not everybody feels that way, of course. James Van Dyke, an identity-theft expert and founder of Javelin Strategy & Research, says mobile banking users can protect themselves and their financial data if they take precautions. Among them:

  • Password-protect your phone. If you have sensitive data stored on your phone, including passwords for accounts, this is a no-brainer step you should take whether or not you use your phone for banking.
  • Install an app that lets you wipe your data remotely. If your smart phone is lost or stolen, you can trigger this app to destroy information before it falls into an identity thief's hands.
  • Install anti-malware software. Just as you should have anti-virus and anti-spyware protection on your computer, you need it for any phone that you use to browse the Web. But make sure you get security software from a reliable source. The last thing you need is to install an app that pretends to protect you but steals your data instead.
  • Set up banking alerts. Automatic alerts via text or e-mail that tell you about unusual transactions are a must, whether or not you bank by phone, Van Dyke said. Early detection is essential to limiting the dollar cost of any fraud. You can set alerts up online with your bank.
  • Never text sensitive information. It's OK to get text alerts from your bank, but don't send passwords, account numbers or other sensitive data via text, which is unencrypted and not secure, Van Dyke said.
  • Be careful where you use your phone. Don't do any banking using a public Wi-Fi location, including hotels and airports, Van Dyke said. You can't be sure your data is properly encrypted or protected.

Litan is more conservative. She wouldn't use a mobile phone's browser for banking, she said, because she doesn't think mobile browsers are secure enough. And she's distrustful of smart-phone apps that aren't vetted in advance. Apps for Android, BlackBerry and Windows Mobile phones are "open market," which means third-party software isn't evaluated and approved by the phones' makers before being released. By contrast, iPhone apps are tightly controlled by Apple.

Such controls don't guarantee absolute security, as the bank app mess last year clearly shows. But they improve your odds of avoiding serious problems, Litan said.

Click here to become a fan of MSN Money on Facebook

"This is a very politically incorrect thing to say, but if you want to do financial services (from your phone), go out and get an iPhone," Litan said. "From a security standpoint, you want to go with the most closed environment."

Liz Weston is the Web's most-read personal-finance writer. She is the author of several books, most recently "The 10 Commandments of Money: Survive and Thrive in the New Economy" (find it on Bing). Weston's award-winning columns appear every Monday and Thursday, exclusively on MSN Money. Join the conversation and send in your financial questions on Liz Weston's Facebook fan page.