Best Practices for Safe Mobile Device Usage
Online security is a top priority at The Commercial & Savings Bank (CSB). We want to provide crucial information, tips, and tricks to help protect your secure information.
Mobile Banking is constantly changing, making it difficult to identify all possible risks, but this comprehensive set of guidelines will give you knowledge to protect yourself and utilize mobile banking with confidence.
If you are using a mobile banking application, such as CSB’s Mobile Banking App, your smartphone could be a target for malicious individuals who want to steal your identity or those you lend your device to.
What is a Smartphone?
A smartphone is a cellular phone that performs many of the functions of a computer, typically having a touchscreen interface, Internet access, and an operating system capable of running downloaded applications, more commonly known as apps.
On which smartphones can I install the CSB Mobile Banking App?
The CSB Mobile Banking Application is currently available for download on Apple® & Android™ devices including tablets with Apple & Android operating systems.
If you have a smartphone with a different operating system such as Windows or Blackberry, you can still utilize CSB mobile banking though our website at csb1.com.
Key items to keep in mind
- Always treat your cell phone like your wallet or purse.
- Be cautious of who you let use or “borrow” your device – they could quickly download fraudulent apps.
- Keep your device up-to-date with software releases and update and protect it with antivirus software (AVS).
- When you text someone, the message is stored on your cell phone, at least one server somewhere, and the receiver’s cell phone. It will be around forever.
- Text messages, emails, alerts from CSB never contain any personally sensitive information (account numbers, username, passwords). CSB will never ask for this information to be submitted through any channel. Never send this secure information to anyone.
- You should review your account information via multiple channels on a regular basis to ensure consistency.
Lost or Stolen Device
In order to safeguard yourself, there are several best practices you can follow BEFORE losing device:
- Most smartphones offer a feature allowing you to select a PIN or pattern recognition password in order to unlock the device for use. This feature should be turned on not only when you power-on your device but anytime you turn your screen on.
- Create “strong” passwords (of unusual combinations of upper-and lower case letters, numbers, and symbols) or PIN (random numbers instead of, say, 1234 or the last four digits of your Social Security number) and periodically change them.
- Do not store your username or password in your device’s notebook, contacts, or any other apps for easy retrieval.
- Check with your mobile carrier about remote wiping. Often times you can wipe the data from your phone either online or through the help of your carrier. This prevents the information from being accessed from anyone who may find or steal your device.
What else should I be aware of?
There are serious social engineering threats that users need to be aware of when engaging in mobile banking practices:
Malware : The intent of malware is to covertly compromise the confidentiality, integrity, or availability of the victim’s data, application, or operating system. The highest risk in a mobile banking setting is from downloading rogue apps or clicking on links contained within certain websites and/or text messages. Just because the picture of an application appears to be backed by a legitimate financial institution doesn’t mean it is secure.
SMiShing : The act of retrieving information via text message. Attackers pose as a financial institution and use SMS (texting) to ask for sensitive information. Your response and information is routed to an unauthorized individual.
Phishing : This has been around since the birth of Internet banking and is still applicable to mobile banking. Phishing is an attack used by tricking the victim into downloading malware or disclosing personal information.
Vishing : Using SMiShing and Phishing to evoke a victim into disclosing information by responding to a bogus phone number and talking to an attacker.
Man-in-the-middle attack : A form of active eavesdropping when the attacker makes independent connections with the victims and relays messages between them, making them believe they are talking directly to each other over a private connection, when actually the entire conversation is controlled by the attacker.
Cloning : The transfer of identity between one mobile telephone and another.
Hijacking : The attacker takes control of a phone conversation and masquerades as one of them. This could give the hacker access to the victim’s financial accounts.
NEVER “Jailbreak” your Device
Smartphones and tablets can be “jailbroken” by installing modified software that unlocks the restrictions of the device's core operating system. “Jailbreaking” or otherwise altering your device could void your warranties, violate your provider's terms of service, or even damage your device. Since jailbreaking methods are unsanctioned by manufacturers and forgo most security protocols, they can make your device unstable, susceptible to viruses, and vulnerable to exploits that feed hackers your personal information.
Research any application (“app”) before downloading it. Just because the name of an app resembles the name of your bank – or of another company you’re familiar with – don’t assume that it is the official one of that bank or company.
Take the time to read the “small print” when installing an app on any smartphone. Evaluate the information the app requires access to and consider if this information is necessary for it to run successfully. If you cannot see a reason for the app to have access to the information, you should reconsider installing it.
The iPhone app store is the only marketplace that controls “application distribution” meaning they review and restrict applications prior to allowing them to enter the app store.
Even with the strict app design controls, fraudsters may attempt to mimic the CSB Mobile Banking Application in order to create a “spoof” app. When an unsuspecting person downloads the fraudulent app and enters their log-in credentials, it is immediately sent to the fraudsters. They could then use your username and password to log-in to your account.
Because of this, we always encourage you to download the CSB Mobile Banking App and updates to the app from our website at www.csb1.com instead of getting them from the marketplace. It’s much safer because you know it’s a legitimate site.
Mobile Remote Deposit Capture Safety
When depositing a check with the CSB Mobile Banking Application using Mobile Remote Deposit Capture (mRDC), endorse the check using a restrictive endorsement, which states the deposit is “For Mobile Deposit Only.” Once the check has been deposited and accepted, write “VOID” on the front of the check.
*You must endorse checks “For Mobile Deposit Only” following these procedures or your check may be declined for deposit.
* You should void your checks after depositing through Mobile Remote Deposit Capture in order to protect yourself and the maker of the check. If someone obtains this check they could try to deposit it into their own account since it has already been endorsed. Monitor financial records and statements regularly.
Non-Smartphone SMS Safety
You may have a cellular device that receives text messages and may even allow access to the internet, but is not considered a “smartphone”. There are two major differences between smart phones and cell phones:
- Smartphones can run applications and cell phones can't
- Smartphones can access the Internet directly; cell phones rely on a carrier to get you there.
- If your phone has SMS messaging capabilities, it may be compatible with CSB’s SMS banking service.
- Never give your personal details to anyone without verifying their identity. A CSB Bank representative will never ask for your personal or banking information in an SMS.
- You should view SMS asking for your personal information with the same amount of suspicion you would the person behind you at an ATM.
- Never reply to an SMS or engage in a conversation with someone asking for this type of information.
- Never provide your personal details, such as your PIN or account details, by SMS.
- Do not follow any links in SMS to reach our cellphone banking or internet-banking website. Always enter our website address (http://www.csb1.com).
- Do not click any links contained within text messages when you are not 100% confident and knowledgeable of the sender.
If you have given out any of your personal information or banking details to a criminal call us immediately at 1.800.654.9015.
Apple® and The AppStore are a registered trademarks of Apple Inc.
Android is a trademark of Google Inc.