“Anyone who has access to your cell phone has access to your identity in a few clicks,” said Elizabeth Baker, an assistant professor at Wake Forest University and an expert in information system security issues. “Often, credit card companies limit your financial responsibility if your card is stolen and fraud is committed. This is not true for your checking and savings bank accounts. Money fraudulently withdrawn can be costly.”

The new report acknowledges this growing risk. It notes that while the current level of risk is probably still lower than using online banking on your PC, criminals are quickly turning their attention to the mobile platform as more consumers start using mobile devices.

“As the mobile device becomes the number one screen for our daily lives it conversely becomes an increased target for malicious activity,” the report finds. “Mobile devices are increasingly being attacked.”

Potential

But the report, compiled by Goode Intelligence, says the mobile banking platform has the potential to be much more secure than your desktop. That's because it can also be used as a security token.

If a consumer registers a specific phone to the bank account the authentication process can be simplified for the user who merely has to enter a private PIN or passcode to prove they are in possession of the registered phone.

At the same time, the report says smart phones have the potential to offer stronger authentication. Geolocation, voice recognition, built-in cameras and fingerprint readers could all be used, if required, to offer additional layers of security when authenticating users.

Seamless security

The report suggests this could all be done seamlessly, so that mobile banking is both secure and convenient for the consumer.

Most importantly, all these extra measures could be added without spoiling the user experience. It means that mobile banking can offer better security and better user convenience at the same time.

To reach that level of security, however, it says banks should create an encrypted communication channel between user and bank. It should then create a security protocol that only allows the registered phone to access the account and ensures that the person using the phone is the registered customer.

That security layer is currently lacking. Experts like Baker worry that smartphone users currently are not taking enough steps to secure their phones with password protections, in the event they are lost or stolen.