Best Practices in Mobile Banking Security


As the use of mobile devices increases for banking, American National Bank wants our clients to know that we take security very seriously. The widespread use of Mobile and Text Banking means much more convenience for clients and better ways to monitor account activity. Unfortunately, it also means there are more opportunities for fraud. American National Bank provides a secure environment for Mobile Banking by keeping our Online Banking services up-to-date to protect our clients from fraudulent activity. We want to ensure that you have access to the latest recommendations for accessing these services or anytime you are navigating the Internet. Personal information is extremely valuable and fraudsters continually find new ways to obtain this information for use in malicious activity. It takes ongoing diligence by everyone to help ensure Internet and Mobile Banking risks are reduced through secure computing habits and personal device configurations.



Manage System Settings and Device Updates

• Download apps only from reputable sites and “App Stores”

• After apps install, they will often ask for unnecessary permissions to features on devices such as camera or location services. Closely review the requests and minimize application permissions to only those that are absolutely necessary

• Install system and application updates as soon as they become available

• Disable Bluetooth unless needed (if using Bluetooth enabled devices, disable discoverable mode after connecting if your smartphone doesn’t automatically turn off)

• Configure software firewalls on devices to protect from unauthorized electronic access. Some operating systems provide a firewall functionality which only needs to be enabled and configured while others will require you to download and install an app from a reputable App Store

• Avoid accessing banking and shopping applications using private user ID’s and passwords while connected to public Wi-Fi networks

Enable device “Personal Hotspots” or “Peer to Peer” Wi-Fi



  1. Add a Mobile Security App
    • Research and install reputable mobile security software such as anti-virus and anti-malware that extends the built-in security features of the device’s mobile operating system for iOS, Android and Windows phones
  2. Don’t Modify a Mobile Device to:
    • Enable features that void warranties
    • “Jail break” or change the root file system
    • Enable yourself greater control of device features
  3. Passwords
    • Keep passwords safe – Avoid writing them down or sharing passwords. Use strong passwords that have 8 or more digits consisting of numbers with both upper and lower case letters
    • Don’t use the same passwords for Online Banking that you use for online shopping sites
    • Keep passwords used at work different from those for personal use
    • Change your password whenever you think it may have been compromised
    • Ensure your sign on and passwords are hidden when accessing American National Bank’s Online Banking and Mobile Banking App
  4. Information Protection
    • Phone fraud is a growing problem – Never provide private information to an unknown caller. Verify the authenticity of an unsolicited caller before providing confidential personal or financial information
    • Insist on making a return call to a bank or credit card company using a number from a statement or the company’s website
    • The Bank will never call you unsolicited and ask you for confidential financial information or Online Banking credentials
  5. Physical Device Protections
    • Don’t leave your device unattended in public locations
    • Use the screen lock function on the device and change the password/passcode frequently
    • Delete all confidential information stored on the device before taking it in for service or repair
    • Reset devices to factory defaults and delete all data on old devices after exchanging or upgrading devices
    • Don’t store financial information on your mobile devices
    • Report stolen devices to the bank and change or update log in credentials to online banking systems
    • Regularly back up your mobile device
    • Manage what is shared online



When Creating a Password: Make your password meaningful to you but avoid using personal details about yourself that are publicly available from social media or other sources that may make your password easy to guess.

Things to Do:

  • Use a mix of lower and uppercase letters, numbers and symbols
  •  Use at least 8 characters
  • Use the first letter of each word of a memorable phrase

Things to Avoid:

  • Consecutive numbers or letters
  • ID, login, or account numbers
  • Family member’s or pet’s name
  •  Favorite holiday or sports team
  •  Place or date of birth

Smart Password Management:

  • Create a new password every 90 days
  • Use different passwords for different online and system accounts
  • Don’t use your company password on public sites
  • Don’t use your company password on multiple sites
  • When purchasing online, check out as a “guest user” instead of registering

Password Storage:

  • It’s best not to write down passwords or store them on your computer in spreadsheets or other documents
  • Consider using a password manager, or “password vault,” a software program that keeps a number of passwords in a secure digital location. By encrypting the password storage, it offers the ability to use a single master password for accessing a number of different passwords used for different websites or services




Top Email Fraud Scams:

  1. CEO scam – Fraudulent message appears to be coming from senior executives within the company
  2. Supplier email – Email looks like it’s coming from a supplier whose email address is being spoofed
  3. Attorney email – Business acquisition email appears to be sent from an attorney
  4. Non-Financial Data phishing scheme – Instructions to send personal information other than payments


What to Look Out For:

The following requests can be signs of a scam, which can have a sense of urgency or a need for confidentiality:

  • Change a company profile within an internal system
  • Add a new contact representing the company
  • Update a payment account • Request new payment for a business transaction
  • Request a sudden change in business practice


Best Practices:

If you receive a suspicious email, be mindful of the following:

  • If you “don’t recognize” the sender
  • Avoid clicking on links or opening attachments
  • Do not “reply” to the email. You may inadvertently be communicating with fraudster instead of the intended party


Validate Using Other Communication Channels:

  • Pick up the phone and call the sender using the company directory or vendor information
  • Ask the sender to send the new payment instructions from the company letterhead and validate the letterhead


Develop Confirmation Procedures For Non-Standard Requests:

  • Create confirmation procedures for non-traditional requests
  • Define the approval process for implementing a new account number
  • Authenticate the request by asking the individual to provide old invoice numbers or payment amounts
  • When possible, ask your vendors to acknowledge the payments


DISCLAIMER: American National Bank has provided these Mobile Banking Security Best Practices to assist you in protecting your confidential and financial only when needed information and to help reduce risk. American National Bank is not responsible for losses related to security weaknesses within your personal Online Banking access devices such as your home computer, tablets and mobile devices. American National Bank does not provide any express or implied warranty, guarantee or promise concerning the content, completeness, accuracy or value of the above information. All persons or entities should confirm the accuracy as it applies to them specifically or their business or system. These Mobile Banking Security Best Practices are provided as information only and American National Bank will have no liability to a client or any other person or entity, for any direct, indirect, incidental, special or consequential damages arising out of the information above.