Clay Calvert, the director of cybersecurity for MetroStar Systems, has a strategy for banking online designed to increase its security. MetroStar is a consultancy that has worked with government agencies—from the Federal Reserve Bank of Philadelphia to the FBI—to create systems that protect highly sensitive data from cyber attacks. Calvert banks online, but with one caveat: he only does it on his phone or tablet.
At face value, this seems counterintuitive; aren’t public networks easier to hack than a home or office Internet connection? But you are more of a problem than the network, according to Calvert. “The technology to defend [systems] has increased a lot. In fact, it’s usually the human element that gets foiled.” For example, security breaches are much more likely to happen when a human clicks an innocuous link or responds to a phony email. Cybersecurity systems operated by companies have beefed up significantly since the beginning of the internet age.
Calvert will bank online via a tablet device or smartphone because they generally require consumers to download any software from an app store. Those apps also ask your permission to access and interact with other data on your system.
Programs can be downloaded on a computer without a user realizing, and then generally have access to his entire system—memory, hard drive, etc. “The bank trojans will get loaded into your machine and they will watch you when you type in your password and PIN code,” Calvert says.
Applications available through a mobile app store—whether Apple’s or Android’s—are being monitored for suspicious behavior, particularly for the first few weeks after they’re launched. Although Google’s Android software is more open to developers than Apple’s, Google nonetheless scrutinizes new software loaded in its Play Store, and recently even forced updates to load through its store.
App-based banking isn’t a total panacea for internet safety. “There have been some app developers that have waited a couple weeks before having software act in an adverse manner,” he admits. “But I trust it a whole lot more than a system that doesn’t vet its applications at all.”