12 Ways Your Smartphone Is a Financial Risk

mobile security

An increasing percentage of smartphone owners are using their devices for financial transactions — to pay bills, check account balances, deposit checks and make purchases, according to the Federal Reserve Board’s “Consumers and Mobile Financial Services 2015” survey.

But mobile safety is still a big concern for many. The Federal Reserve Board found that more than half of consumers who don’t use mobile banking or mobile payments avoid making transactions with their phones because they’re worried about the technology’s security.

It’s true that you can put your finances and personal information at risk when you use a smartphone. If you’re not careful, your accounts could be accessed, your credit card number could fall into the wrong hands or your identity could be stolen. It’s not a lack of mobile security, though, that’s creating these risks.

“The general public is painfully unaware of their security,” said Robert Siciliano, an identity theft expert with BestIDTheftCompanys.com. “They’re aware of the issues but not aware of what to do.” It’s when smartphone users don’t take the proper steps to safeguard their devices and financial transactions that they lose money or are exploited, he said.

Here are 12 ways your smartphone could be a financial risk if you’re not taking security seriously:

1. It’s Not Protected by a Passcode

“Think of your phone as a safe,” said Michael Bruemmer, vice president of data breach resolution and consumer protection at credit reporting agency Experian, which also helps businesses prevent fraud. “You need to have a combination so people can’t get in.”

Androids, iPhones and Windows Phones offer users the ability to a set up a passcode (in “Settings”) that must be entered to access the device. Without one, anyone could pick up your phone and access anything that’s on it — putting any personal or financial information at risk.

Make sure you don’t use something as simple as 1111 or 1234, Siciliano said. It should be long and strong with numbers and letters, if possible. For iPhones, the default code is just four digits.

2. It Doesn’t Have Multiple Layers of Protection

Creating a passcode to lock others out of your smartphone is a great start, but you need more layers of protection to ensure you’re not making it easy for anyone to access financial apps or make fraudulent transactions on your smartphone, Bruemmer said. He recommends opting for two-step authentication. With two-step authentication, you might be sent a code via text message that you have to enter after you log in with a password and username.

3. It Could Be Lost or Stolen

The passcode you create for your phone serves as a first-line of defense if you lose it or someone steals it. But you should also install an app to help you find it or protect it so your data can’t be accessed, according to CTIA-The Wireless Association, a nonprofit group that represents the wireless communications industry.

For example, Apple offers a free Find My iPhone app that will let you use another iOS device to locate your phone on a map, remotely lock it and erase all data. The free Android Device Manager app does the same for Android phones.

Related: How to Overcome Your 6 Biggest Digital Banking Fears

4. The Software Isn’t Updated

When you get a notice on your smartphone that there’s a software update for its operating system, don’t ignore it. Siciliano said updates often revolve around security issues and are released to patch security problems. If you don’t run the latest software, you could be leaving your smartphone more vulnerable to threats that could put personal information stored on or shared through your device at risk.

5. The Apps Aren’t Updated

Updates are also released for mobile apps. If you get notices to upgrade to the most recent version of an app you’re running on your smartphone, Siciliano said you should update it for the same reason that you need to update your device’s operating system. This is especially important for any financial apps you use because you don’t want to be running versions that have any security flaws.

6. You’re Connected to Public Wi-Fi

You don’t want to use up too much of your data by connecting to the internet using your phone’s 3G, 4G or LTE network. But you could pay a much bigger price than a data overage charge if you connect to a public Wi-Fi source and use your phone to conduct financial transactions. That’s because hackers can “scoop up pretty much anything that’s flying through the air and use it for their own financial gain,” Siciliano said.

To avoid using your phone’s data, use a VPN (virtual private network) — such as the free Hotspot Shield — to provide more security if you use Wi-Fi.

7. It’s a Target for Scammers

Thieves and con artists try to lure people into divulging their personal information by sending text messages with instructions to click on a link to claim a prize, update a password for an account or enter a credit card number to pay a bill. Even if the message looks like it’s from a legitimate business or a service provider, it’s probably not, said Siciliano.

Avoid clicking on links in messages from unknown sources. And if you get a message that appears to be from your bank or service provider, go directly to the source by calling or visiting its site and logging onto your account to see if there’s actually an issue that needs to be resolved.

Read: How Venmo’s Security Holes Put Your Money at Risk

8. You Downloaded Infected Apps

When you download apps, you should stick to trustworthy marketplaces such as Apple’s App Store and Google Play, Siciliano said. Otherwise, you run more of a risk of ending up with apps infected with malware that can spy on your transactions, steal personal information — including passwords — and even put false charges on your account.

9. All the Apps Have the Same Password

Yes, it can be hard to remember different passwords for every account you access with your smartphone. But if you use the same one, you’re putting all of your accounts at risk, Siciliano said. If someone figures it out by hacking or other means, suddenly he can tap into any password protected app, such as a mobile banking app or shopping app linked to a credit card.

At the least, Siciliano said you should use different passwords for financial accounts and social media accounts. The free Dashlane app can generate strong passwords for your accounts and save them in an encrypted vault so you don’t have to memorize multiple passwords.

Siciliano also recommends against saving a password on an app so that you don’t have to enter it. Of course, it makes it easier for you not to have to remember passwords, but it also makes it easier for anyone else to access that app.

10. Bluetooth Introduces Security Vulnerabilities

The Bluetooth technology in your smartphone that makes it possible to carry on calls with wireless earpieces also makes you more vulnerable to mobile security threats. It can be hacked to access your smartphone whenever it’s on, according to security company Norton. So, you need to turn off Bluetooth when you’re not using it or when you’re speaking about or entering sensitive information — such as an account password — into your smartphone, Norton recommends.

11. Your Mobile Payment Apps Are Linked to Debit Cards

Never use a debit card to pay for smartphone transactions or link one to pay-by-phone accounts, Bruemmer said. Debit cards offer fewer protections than credit cards, and you could be on the hook for unauthorized transactions if you don’t report them soon enough to your bank. Bruemmer also said you shouldn’t link debit cards to mobile pay options, such as Google Wallet or Apple Pay.

These apps can be a safer way to pay because a unique code rather than your card number is transmitted to the merchant. But if your phone ends up in the wrong hands and your mobile pay was used to make purchases, your bank account balance could take a hit if your debit card was linked to the app. Your liability is limited to $50 if you report the fraud in two days — then $500 after two days but before 60 days, reports the Wall Street Journal. Even if you report the fraud quickly, it might take a couple of days to be reimbursed, leaving you without enough money in your account to cover bills or expenses.

12. It Doesn’t Have Apps to Monitor Your Accounts

If you don’t take the proper precautions when using financial apps and making transactions with your phone, you put your money and identity at risk. Thankfully, there are some apps that can actually help increase mobile security by monitoring your accounts for suspicious activity and alerting you if there’s a problem.

For example, the free BillGuard app will send you alerts if there’s an unwanted charge on your credit cards or a data breach at a store where you have shopped. And a mobile banking app might allow you to set up alerts to receive text messages or emails if your account balance drops below a certain level or a debit is made from your account larger than a certain amount.

Keep reading: 12 of the Highest-Rated Bank and Credit Union Apps