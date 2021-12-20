The facilities of internet banking and applications have already fallen in favor of customers. Cellular transactions are already the most common in Brazil, according to Febraban (Brazilian Federation of Banks), that face-to-face transactions. But, after all, which platform is more secure: websites or apps?

It should be noted that both platforms have their benefits and their dangers. Banking institutions work to provide more secure systems, but the technologies can still fail. Scammers also tend to apply increasingly elaborate scams to trick victims into providing access data.

In any case, banking applications, according to experts, are even more secure. At least for a while.

The platform that offers the least risk is the bank’s application on your cell phone. Most of the password stealing banking trojans are still designed to infect Windows systems. Now what we are experiencing at the moment is a migration of these attacks to mobile devices” Fabio Assolini, Security Analyst at Kaspersky

A few years ago, banks worked more with physical tokens and security cards. But since then, many financial institutions have swapped these security features for versions of token within the banking application. In practice, these are random numbers that change from time to time to serve as an extra layer of protection.

A person can only make transactions, for example, after entering the app password (or using biometrics) and adding the code. Desktop versions of programs still often require the installation of a plugin (program) that helps maintain network security.

Risks in both cases

Although computers are more susceptible to viruses and attacks by criminals, cell phones also suffer from a series of scams of different styles. Assolini reports that there are three main risks on cell phones:

public wi-fi connection where someone can do network routing

installation of a fake bank application made by criminals on Android

phishing attack, in which the user receives an SMS asking to enter a website to enter bank details.

There are specific cell and computer threats. Emilio Simoni, manager of Psafe, cites a common in computers:

“Most banking attacks work on monitoring the URL that the user accesses. When you open the bank’s website, they identify the page and can do two actions: one is phishing, which will display a page on top of the bank’s, and the second is automation, in which it waits for you to log into the bank, locks your machine and starts to control it. This is more difficult in apps”, he explains.

Care to be taken

The user must be careful on both platforms. Respondents report the need to install security programs — such as antivirus — on their computers and mobile phones to mitigate threat risks. It is still always preferable to do banking transactions using the 3G or 4G network rather than wi-fi.

People still need to be careful with the data they provide. It is vital to always be wary of messages that ask for bank details: the bank will never really ask for such information. And the WhatsApp scams are there to prove how the online environment has risks.

According to Assolini, some phishing techniques even involve the IMEI request, that unique number of each cell phone, of the user, since this is one of the data that the bank is able to observe in transactions.

Febraban highlights a series of recommendations involving the use of banking applications on cell phones and computers. Check out some of them below:

Cell:

Do not trust unknown public Wi-Fi networks not protected by passwords;

In case of loss, theft or theft of the device, notify the bank in order to cancel the security provisions (mobile token), if available; also inform your telephone company and request the blocking of your number (chip);

Block credit cards, in case you have information stored (number and password) in a lost or stolen cell phone;

On mobile, prefer to use your bank’s application to make transactions, rather than the bank’s website via browser;

Do not install apps or open files of unknown origin. They can contain viruses and other harmful programs that are hidden from the user and allow fraudsters to act on their account, based on information captured after typing on the keyboard.

Computer:

Keep original antivirus updated installed on the computer you use to access banking services;

Only use effectively reliable equipment. Never perform operations on equipment that is public, unknown or that does not have up-to-date antivirus programs. There are programs — called trojan horses — used by fraudsters to capture customer information when typed into a computer;

Do not run applications or open files of unknown origin. They can contain viruses and other harmful applications, which are hidden from the user and allow fraudsters to act on their account, based on information captured after typing on the keyboard;

Avoid risky sites or suspicious content, and only download (transfer files to your computer) from sites you know and know are trustworthy;

Avoid accessing banks’ websites redirected by other websites, such as search engines. Always access the bank’s website directly from the bank’s address;

When making payments or carrying out other financial operations, you must make sure you are on the desired website, whether from the bank or any other, by “clicking” on the lock and/or security key that appears when entering the security area from the website.

*With reporting by Gabriel Francisco Ribeiro