Mobile Banking Security Recommendations

 

 

Purpose

 

The Information Security Department of Hampton Roads Bankshares (Bank of Hampton Roads, Gateway Bank and Shore Bank), hereafter referred to as “Bank”, has developed these IT security recommendations for the Bank’s mobile banking customers. They cover Mobile Online Banking transactions, including viewing/printing account balances, performing transfers or bill pay transactions, viewing/printing transaction history, and viewing/printing Bank statements, and they set forth guidelines for appropriate administrative, technical, and physical safeguards over sensitive transactions with the Bank.

 

Scope

 

This document is recommended reading for customers utilizing mobile online banking.

 

Recommendations

 

(Please note: these are best-practice RECOMMENDATIONS and are not intended to replace other measures to prevent fraud, nor are they all-inclusive for all types of customers. Following these measures does not guarantee the customer will not be defrauded, nor does the Bank assume liability if the customer is defrauded even after following these measures.)

 

  • Immediately report lost or stolen phones or devices used for online banking to the Bank to have that phone disabled in the system.
  • Password-protect your mobile device to protect against unauthorized access. Use a PIN or password that is different from the password you use for online banking and is not easily guessed (for example, do not use sequential numbers or letters on the keypad). When possible, use at least 2 different character types in your password (1 number and 1 capital letter, for example).
  • Delete text messages and emails you receive from the Bank after reading them.
  • Always log out of the mobile banking online site or application completely.
  • Do not store personal information, including your account information, on the device.
  • Do not send your personal information or online banking credentials via email or text message, as both are easy to intercept.
  • Do not set your device settings to auto-fill or save user IDs or passwords, particularly for online banking.
  • Do not click on any links in text messages or emails that claim to be from the Bank. Instead, go to the Bank’s website directly to log in to online banking.
  • Do not reply to text messages or emails you are not expecting from the Bank. A common fraud involves sending the victim a message saying, for example, that their debit card has been deactivated or that their banking credentials have been compromised. Call the Bank directly, using a published number, concerning your accounts.
  • Do not use “jailbroken” or “rooted” devices for online banking. Jailbreaking or rooting a device (the process of breaking into the phone’s built-in operating system to control it outside the vendor’s original intention) exposes the device to additional malware.
  • Connect only to trusted, secured Wi-Fi networks when performing online banking transactions using your mobile devices. Do not perform mobile banking on untrusted, unsecured networks.
  • Download security and maintenance patches as they become available for your device and applications. These are usually included in the maintenance updates device and application providers distribute periodically.
  • Utilize the security features on your device. Enable encryption, remote wipe, and location tracking if possible. Consider using additional security software and anti-malware solutions that may be available for your device.
  • Only download mobile applications from trusted sources. Do not install applications that are emailed to you or that you receive links to from others.
  • Practice caution when downloading mobile applications. Mobile devices are also susceptible to malware. Android devices are at the highest risk due to their open source platform, but all devices may be targeted.
  • Scrutinize the privacy policy and the permissions of mobile applications that you download. Be wary of functions that track your location or access device resources that seem outside the scope required for the application to function.
  • Remove all data from the device before discarding it.
  • Never submit confidential/sensitive account information in unsecured (unencrypted) email to the Bank or affiliates. You may email your customer relationship manager (CRM), without including any sensitive information, and request that the CRM send you a secure encrypted email, to which you may reply within the encrypted session. Alternatively, you may go to the Bank’s website, click “Contact Us”, and submit a request that someone contact you using secured (encrypted) email. Again, do NOT submit any confidential or sensitive data in the initial request.
  • Avoid sharing account credentials (user ID or password) with others; use unique account credentials for online banking whenever possible. Never provide your online banking password to others.
  • Report all suspected bank fraud or suspicious activity to the Bank immediately.
  • Regularly review online banking statements/Online Banking transactions to ensure all are legitimate.
  • Visit the Bank’s Security and Privacy website often for updates on our internal security measures and recommendations for security:
  • Review the Bank’s tutorials on secure banking at: