-
Is it acceptable to store my passwords and PINs on my device, such as in a file or in a browser cache (memory)?
Passwords and PINs should never be stored or held on devices, for example in password files or browser caches. They are targets for hackers and should be stored by other, more secure means.
-
Can I store any sensitive information on my device and what if it is encrypted?
You should not store any sensitive information on your device in an unencrypted form. This kind of information can be stored if it is sufficiently encrypted behind a highly complex password. This would necessarily require a professionally coded application built for that purpose. The Mobile Banking Application does not store any sensitive (that is, private personal) information. New data is retrieved from the bank’s servers on code request. This removes the need to encrypt any information stored on the device.
-
Will the mobile application securely wipe sensitive information from memory on exiting the application?
The Mobile Banking Application, by design, does not store either permanently or temporarily any sensitive information. This eliminates the need for a secure wiping of information upon exiting the application.
-
Will the application require authentication on re-entry?
The Mobile Banking Application is written to have an auto-logout after a short period of time. This prevents having an application running for an extended period and becoming a hacker target. This will also require re-authenticating during a subsequent login.
-
Can a device be quickly deregistered if it is lost or stolen? Can my bank deregister my device if I call them?
As part of the Online Banking System there is the ability of the user to easily deregister a mobile device by logging into the Online Banking System. If the customer does not have access to a computer, the user can contact the bank and have their device deregistered.
-
Are secure coding practices used in developing the Mobile Application?
It is hoped that the mobile device is never compromised, but that cannot be guaranteed. With that in mind, the Mobile Banking Application was coded to have its own internal security irrespective of whether or not the mobile device is compromised.
-
Is there continued vulnerability testing followed by timely patching?
Testing the code for vulnerabilities is an ongoing effort. Patches are developed and uploaded to the appropriate App Stores in a timely manner for distribution to the End Users.
-
Can I download the mobile application from sites other than the Apple and Android Stores?
For security reasons end users should download mobile applications and any subsequent updates/patches ONLY from the Google Play or Apple App Store based on their mobile device. Links are provided on the Mobile Banking Application page to these stores.
-
Should I install anti-virus or anti-malware on my mobile device?
It is highly recommended that device owners install anti-virus/anti-malware on their mobile devices. This should be seen as no different than installing similar applications on a PC or laptop. Security threats exist for all devices that access the Internet.
-
Can I trust SMS based products with my sensitive information?
SMS communication in its basic form is text messaging, and it has absolutely no built-in security. It should never be used to communicate credentials or personal private information. Due to the extensive usage of SMS communication throughout the online environment and the ease with which SMS can be hacked, its use by end users should always be carefully considered from a “Should I send this?” viewpoint.
-
Can I trust public Wi-Fi with my sensitive information?
Public Wi-Fi is an extremely high-risk environment for mobile devices. These environments should never be used for accessing online systems that provide a channel to private personal information. This includes but is not limited to mobile banking and online purchases.
-
Should I be concerned about social engineering, phishing and viruses/malware?
Users should educate themselves about the methods used by hackers to gain access to private personal information. These include social engineering, phishing and viruses/malware. This is a never-ending battle between the security efforts of the coders, the common sense and security education of the end users, and the bad intentions of the hackers. Arm yourself by always being wary of the unknown, reading the unexpected popup and assuming that if it seems bad, it probably is bad.