Is iPhone Banking Safe? An Expert Answers

iPhone and mobile banking can feel like setting foot in the jungle: You don't know what's in there, but you suspect a lot of it's not good. We hear a lot of terms thrown around when it comes to iPhone banking security: 128 bit encryption, two factor authentication, security dongles—and a lot of scary anecdotes about millions of credit card account numbers being stolen from this or that company. Getting to the bottom of whether iPhone banking is safe can be confusing at best. So is iPhone banking safe?

To get a real handle on the question, 'Is iPhone banking safe?' we interviewed internet security expert Bruce Schneier, cryptographer, fellow at Harvard's Berkman Center and the Chief Technology Officer of Resilient Systems. He's also the author of various books on general security, cryptography and computer security, including the critically acclaimed Beyond Fear: Thinking Sensibly About Security in an Uncertain WorldData and Goliath: The Hidden Battles to Collect Your Data and Control Your World, and Schneier on Security. Schneier has been called the closest thing to a rock star that the security industry has.

Is iPhone Banking Safe? Yes.

We asked internet security guru Bruce Schneier, 'Is iPhone banking safe?' His answer: 'Yes.' But why should we trust iPhone banking and mobile banking in general?

'Because we look around the world and we don't see people losing money left and right,' Schneier said.

Schneier isn't referring to cybercrime at large, which costs an estimated $375 to $575 billion worldwide each year. It's true that banks and other large companies lose a lot of money to internet crime. But banking customers themselves almost certainly lose very little money from iPhone banking or from mobile or online banking.

Why is iPhone Banking Safe?

We asked Schneier whether 128 bit encryption is the biggest reason iPhone banking is safe.

'Nobody cares about that,' said Schneier. 'Your house is not secure because of your door lock. Your house is secure because of everything that happens in your city, in your country, in your world that makes your house secure. I could spend an hour telling you about the design of your door lock and you would be no better off with security than before. Security is very social. Banking is secure because if something happens, the bank makes good on it, we catch criminals, we're mostly lawful, you know, things are basically okay.'

iPhone Banking is Safe Because the Banks Make Good on It

Ultimately, no matter what ingenious security algorithms and devices banks invent to keep their money safe, someone will invent a way to fool them. Then the banks will invent something trickier, someone will find a way around that and so on. It's a game that's been played since the first wooden bolt was invented thousands of years ago.

What really makes iPhone banking safe for individual bank customers is that if money is stolen from your account because of it, generally speaking, your bank will reimburse you for the money. Most banks offer some form of zero liability to their customers for iphone banking and mobile banking.

'Generally that's true,' said Schneier. 'There are exceptions but generally that's true. If something happens the bank will make good. Now, if you get caught with a scam and wire your life savings to Uganda, you're on your own.'

But for normal everyday checking deposits, transfers and other mobile banking transactions:

'If you wake up one morning and find $30,000 missing, you call your bank and say, hey, what happened?'

To check on this, we contacted Capital One to ask if iPhone banking was safe, and they told us:

'Capital One actively monitors our customers' accounts. If we detect suspicious activity, we will contact the customer to confirm if there has been fraud on the account. If a customer finds fraud or if their debit or credit card has been lost/stolen and is used, the customer will not be held liable.'

In fact, Federal regulations require banks to reimburse customers for fraud amounts over $50, provided the customer reports the theft or fraud within 60 days. However, Capital One takes this a step further. According to Capital One:

'Capital One offers $0 fraud liability even if it's reported after 60 days. This also holds true for our credit cards.'

The bottom line here is, bank customers generally don't suffer directly from internet and mobile crime: banks do. Do the banks then pass those losses on to consumers in the form of higher fees? Almost certainly. The gist of it is, you're already paying for the losses from crime related to mobile and iPhone banking, so you might as well use it.

Is iPhone Banking Perfectly Safe?

In a word, no. iPhone banking and mobile banking in general, like anything, can never be perfectly safe.

'It's not perfectly secure of course,' says Schneier. 'Are you secure against murder? Yes. Does that mean murder is impossible? Of course not. But are you afraid to go outside? No. Of course not. And it's not because you're wearing a bullet proof vest, right? Because you don't wear a bullet proof vest.'

'You really have to think about it socially,' says Schneier. 'It's not just the technology. Technology plays a very small part in security. The bullet proof vest you're not wearing would make you safer, but you look at that and say, well I don't need that, that's kind of dumb. You know, things are okay. The murder rate's not high. Now if you were living in war torn Somalia you might think differently.'

'It's not perfect. Internet banking is safe because we all do it and it works out okay. But if you want to be 100% secure, don't be online.'

We might add, in that case, don't walk into a brick and mortar bank either.

What Can Consumers Do to Make iPhone Banking Safer?

iPhone banking is already safe, but there are a few things consumers can do to make it even safer.

  1. Choose a good password. The best passwords are random strings of letters and characters. For tips on how to create good passwords, see Schneier's tips on choosing passwords here.
  2. If your bank offers additional security measures like two factor authentication, use them. According to Schneier: 'If nothing else, you are more protected if something bad happens. You know the bank's going to say, "We told you to use this two factor authentication and you didn't do it. You're on your own." So you almost want that for liability protection more than anything else. You want that so you don't get blamed.'
  3. Monitor your account's transaction history. Since banks will generally reimburse you for any money stolen from your account as a result of iPhone banking or mobile banking, you need to monitor your accounts and report any suspicious transactions immediately. Your bank can't reimburse you for a theft if you don't report it.

So Yes, iPhone Banking is Safe

According to Schneier, yes, iPhone banking is safe. Mobile banking is safe. Internet banking is safe.

'I bank online. I don't worry about it,' says Schneier. 'Anybody who drives a car, that's the biggest risk in their life.'

Categories: Text, Written Interviews

Photo of Bruce Schneier by Per Ervland.

Schneier on Security is a personal website. Opinions expressed are not necessarily those of IBM Resilient.