COVID-19: How to Protect Your Members’ Mobile and Online Banking


With the COVID-19 pandemic prompting increased use of mobile and online banking, how can credit unions and their members be proactive in keeping their data safe? To retain a high level of customer satisfaction, mobile access is now more than ever an essential service for a credit union to offer. It provides ways for members to handle their finances, open new accounts, and pay bills while staying at home.

But what are the risks?

Since the beginning of 2020, mobile banking has grown in volume by 50%, appealing to members who in other circumstances may have never used it. But as mobile banking becomes increasingly essential, it also becomes a larger target for scams and attacks. We are seeing increases in mobile malware, corrupt apps, and flawed authentication, and could continue to see that number climb in the coming months.

According to the Federal Trade Commission, “scams that will target you and your money during this already confusing time, including everything from offers for vaccines, to fake charities to traditional email scams” have become rampant. With scammers attacking here, there, and everywhere, what defenses do members and credit unions have?

So, what can your credit union do?

There are a number of tools and precautions credit unions can take to protect their members. Make sure your financial institution is using multi-factor authentication, Secure Socket Layer (SSL) encryption, biometric and/or facial recognition technology, automatic logout, antivirus and anti-malware programming, and firewalls. In addition, work to educate your members on these scams and how to recognize them.

And what can your members do?

  • First, verify you are using the correct app. Scammers are great at making fraudulent apps look real. Fraudulent apps that can appear in your App store can deliver an error message asking for your login credentials, giving access to the scammer. Use only the link provided by your credit union.
  • Do not use public WiFi if it is unsecured. Public WiFi can be hacked by “man-in-the-middle” attacks where scammers pull your information while it is being transmitted. One option is to use a Virtual Private Network (VPN) that encrypts a secure pathway.
  • Update your passwords often and don’t use the same password on all your accounts. Make them strong with at least 8 characters using upper-case and lower-case text, numbers, and special characters. Use a phrase or acronym instead of a word. Update every three to four months.
  • Try using mobile alerts for activity. This helps when you don’t have time to log in every day. Activity can include transactions, failed login attempts, personal info updates, wire and ACH transfers, and daily balance tracking. Notify your credit union if you did not perform any of these activities.
  • Check the various layers of security protection financial apps such as P2P products offer. Frequently the bill pay vendor is used to provide a secured way to use P2P. Use any fraud monitoring system the bill pay vendor may offer.

Other features to consider:

  • Use multi-factor authentication across all devices
  • Don’t share passcodes
  • Pair multi-factor authentication with other security measures such as fingerprint or facial scanning
  • Use the lock feature when your device is unattended

In the end. . .

COVID-19 has provided alternate methods of serving your members that will continue after the pandemic.  Make sure your members are educated about using the security options you offer as we move into a virtual world of financial services.


  • Barb Cooper

    As Programming Services Manager, Barb engages with programming teams to improve project workflow, provide training, manage the marketing side of programming, and coordinate team relations with those outside the programming department. Barb also provides programming research for client serving staff, improves programming department documentation, is involved in the efforts to improve the CU*BASE database, and attends focus groups and client sessions to represent the programming department. Throw in a little programming as well.

Your email address will not be published. Required fields are marked *