Your bank wherever you go
Mobile Banking Security Tips
Is mobile banking secure?
Yes. To help ensure the safety and privacy of your account information, we provide some key mobile banking security features:
- You download the MetaBank app directly from Google Play™ or the Apple App Store℠ – the app, once downloaded, is synced to your device
- You are authenticated for every mobile banking interaction
- We use 128-bit encryption for all transactions
- We incorporate transaction validation and reconciliation processes to detect fraud
- We provide full audit capabilities through event logs and event-based reporting
- We don’t include any personally identifiable information, such as your full account number, email address or personal address, in a text message – we also never ask for or include your access ID or password in any message we send
Is my personal and/or financial information stored on my phone?
No. We do not save any files containing personal or financial information on your phone. That information is restricted to the secure Online Banking Center. For some phones, such as BlackBerry devices, logo and branding files may copy to your phone. These files do not contain any personally identifiable information.
Will my account information be safe when mobile banking?
Yes. Our mobile banking service utilizes encryption and multi-factor authentication. While we take many security measures and precautions on your behalf, it is in your best interest to educate yourself on the ways people may try to obtain your sensitive information. Take safety precautions to ensure your account details remain secure.
Of what mobile banking threats should I be aware?
Use technology wisely and safely. Many of the threats you may face involve fraudsters using technology to trick users into providing sensitive information unwittingly. Be cautious, be informed and ask questions. Common threats include text fraud (SMiShing), email fraud (spoofs) and vishing.
What is “texting fraud,” a.k.a. “SMiShing?”
The term “SMiShing” comes from SMS (Short Message Service), the technology used for cell phone text messaging. Before you respond to any text message, learn how to distinguish a genuine text from a fraudulent one. SMiShing messages appear to be from a legitimate company and typically contain a link that takes you to a fake or spoofed website. A fraudulent text may ask you to call a phone number. Even if you don't enter any information, selecting a link within a fraudulent text can lead to inadvertently installing key logging software or dangerous viruses on your phone.
How can I spot texting fraud or SMiShing?
There are some signs of texting fraud for which you should keep an eye out, including:
- Requests to renew your bank service - a message may indicate your mobile banking service has expired and prompt you to renew it by clicking an enclosed link to visit your bank's website and update your account information
- Impending charge notices - a text message may indicate that you will be charged a certain amount per day if you don't call to cancel your mobile banking service
- A sense of urgency - a text message may indicate that your account will be closed or suspended if you don’t respond
- Requests for sensitive data - a text message may request your access ID, password, PIN, social security number, account or ATM/debit card number, mother's maiden name, etc.
Remember: MetaBank will never send you a text message requesting you to contact us immediately, either through a link or a number provided in the message. In addition, we will never request any personal information about you or anyone on your account via text message.
How can I report texting fraud or SMiShing?
If you suspect that you’ve received a fraudulent text message, please forward it to us at email@example.com. After forwarding the text message, delete it from your device. You may also want to forward it to the Federal Trade Commission at firstname.lastname@example.org or by phone at 1.877.IDTHEFT.
What should I do if I believe I’ve responded to a fraudulent text message by mistake?
If you have already replied to a text message with personal information and now suspect the text was fraudulent, call us immediately at 1.866.559.5037.
What is “email fraud,” a.k.a. a “spoof email?”
Spoof emails – also known as phishing or hoax emails – appear to be sent from well-known companies. To bait you, an email may say there's an urgent situation concerning your account and ask you to click a link. The link may then direct you to a spoofed or fake website that appears to look legitimate or familiar. Any information you provide to the spoofed site can be collected. If you attempt to log in or provide personal information on a spoofed site, it can be used for illegitimate purposes. Even if you don't supply any information, simply clicking the link may enable thieves to access your computer, record your keystrokes and capture your passwords. Also, be aware of spoof web forms that ask you to provide confidential information for which a legitimate company would not typically ask.
How can I spot a spoofed email?
Several signs can help you determine if an email is legitimate or a spoof. Learning how to recognize a fraudulent email can help protect you and your banking information. Here’s how:
- The "from" field of an email can be easily altered, so it's not a reliable indicator of whether or not an email is a fake
- Be wary of impersonal opening greetings, such as "Dear User" or your email address
- Emails sent by well-known companies are almost always free of misspellings and grammatical errors – typos and poor grammar could signal a spoof email
- Many scam emails tell you that your account will be in jeopardy if something critical is not updated right away – spoof emails often create this false sense of urgency
- Never provide your access ID, password, PIN, social security number, account number, ATM/debit card number, mother’s maiden name, etc. – a legitimate email would not request this information of you
- Check where a link is going before you click by hovering over the URL in an email and comparing it to the URL in the browser – if it looks suspicious, don't click
- A legitimate email from MetaBank will never include an attachment or software – you should never open an attachment unless you are 100 percent sure it's legitimate, as they may contain spyware or viruses
- MetaBank will never send you an email message requesting you contact us immediately through either a link or a phone number provided in the body of the email – we will never request any personal information about you or anyone on your account through an email or link
How can I report a spoofed email?
If you suspect that you've received a fraudulent email message, please forward it to us at email@example.com. Don't change or retype the subject line, as this makes it more difficult to properly investigate. Email spoofs are continually evolving, and even slight variations will aid in our investigations. After forwarding the email, delete it from your inbox and any other folders. You may also forward it to the Federal Trade Commission at firstname.lastname@example.org or report it to 1.877.IDTHEFT.
What should I do if I believe I’ve responded to a spoofed email by mistake?
If you have already replied to an email with personal information and think the email was spoofed, call us immediately at 1.866.559.5037.
What is “vishing?”
Be on guard for calls that play a recording claiming your credit card or bank account has had unusual activity and give you a phone number to call. This is called vishing and is a type of internet phone scam. When contacting MetaBank, always use a trusted number.
What other precautions should I take when banking on a mobile device?
We recommend, at a minimum, that you take the following precautions with regard to your account information:
- Only download mobile app from Google Play™ or the Apple App Store℠
- Password-protect access to your phone, and utilize an automatic screen lock
- If your phone is lost or stolen, deactivate your phone in MetaBank’s mobile banking service – contact customer service at 1.866.559.5037 or email@example.com if you need assistance
- Add the mobile banking shortcode to your phone’s address book
- Remove old mobile banking messages from your inbox
- Log out of MetaBank’s mobile banking service after each session
- Think carefully before removing any security controls from your device, known as “jail-breaking” or “rooting” – this can decrease its overall security
- Update the operating system on your mobile device with the latest security patches and upgrades – anti-virus software for your mobile device can provide an additional layer of security
- Watch out for SMS (plain-text) and MMS (multimedia) message headers that start with the number “19” – if you respond to them, you'll be charged a premium rate that can increase your cell phone bill amount
For more information, call 1.866.559.5037 or email firstname.lastname@example.org.