Mobile Device Security
Tips for protecting and securing your information on a mobile device.
Important note for members using the MySCU Mobile Banking App: our mobile app allows users the ability to save their username to the device for future logon efficiency. While the username is partially masked, please be aware there is a risk associated with storing login credentials on a mobile device. Selecting the option to save the username in the MySCU Mobile Banking app indicates you understand and accept this risk.
Lock the device. Set and use a 4-digit passcode or long password (best) to unlock the device. If your device supports fingerprint recognition, enable and setup this feature as well.
Set a screen timeout. This will make the device lock again after a certain period of inactivity.
Encrypt the device. With encryption, information on your device is "hidden" from passing traffic.
Use only approved apps and ensure you read the app's permissions. Only download and install apps from the Amazon, Google Play or Apple iTunes stores and read the permissions before installing.
Disable any apps or options not in use. Disable any apps you don't use to reduce potential entry points. Read and pay attention to the app's requested permissions for each app you download.
Accept and install patches and updates. When notified, download and apply system updates as soon as possible.
Don't jailbreak your phone. And don't let anyone else jailbreak your phone. The built-in security is there for a reason.
Install an anti-virus application. Anti-virus is not an "end-all, be-all" security solution, but it does add another layer of security.
Back-up your data. Most providers provide a method to back-up your data.
Don't click links in text or email, if possible. Be very aware of smishing (text) and phishing (email) attacks and don't click links unless you are absolutely, positively, 100% sure the sender is trustworthy and send you the text or email.
Be careful using public or open WiFi connections. Don't view or share personal information over a public WiFi network connection, especially financial information.
Lost or stolen? If your device is lost or stolen, call your carrier immediately to deactivate your phone and have the data wiped remotely. Additionally, log onto SCU Online from a computer or laptop and change your password, remove the phone number from passcode delivery (under My Settings | Update Security Options), and deactivate the phone from receiving alerts and Text Banking (under Account Services | Mobile Banking & Alerts, click deactivate at the top of the screen). Remember that a thief would need your username and password to access the mobile app and your accounts.
If you have any questions, please contact your provider who can guide you through setting these security features.
The most helpful tip is to change your mindset: In the past we've thought of these devices, specifically smartphones, as phones that can surf the web and check email. We need to change our thinking to the reality: these are mini-computers that are capable of making phone calls. With that mindset, we will begin to protect and secure them as we should.
Mobile Security FAQ
- Does State Credit Union use browser cookies and device information on the mobile channel? If so, how?
- Does State Credit Union track my location on the mobile channel?
If you allow us to use your location, we will use it to help you find ATMs and branches near you. Please note, not all ATMs are free. In-network ATMs may have reduced fees.
- Does State Credit Union use challenge questions on the mobile channel?
No. Answers to challenge questions can be discovered or guessed easily. Instead, one-time passcodes (OTP's) sent out-of-band using SMS or phone calls will be used.
- Do I have access to the same functionality on mobile devices as I do on a laptop or desktop computer?
No. While we strive to achieve parity, there are some features available in the web which are not available in the app.
- How does State Credit Union keep online banking information (including login credentials) secure?
Mobile Web Banking does not store any information in the user's device or the Web browser cache. MySCU Mobile Banking apps use the device's secure storage to host data. All data is securely transmitted using TLS (Transport Layer Security) technology.
- How does State Credit Union protect customer data on mobile applications?
All data exchanged between Mobile Web Banking and MySCU Mobile Banking apps is protected in transit using TLS (Transport Layer Security) technology. All offerings provide strong password requirements and aggressive idle timeouts. In Mobile Web Banking, no customer information is stored or cached in the device. MySCU Mobile Banking apps use the device's secure storage to host sensitive information.
- How does State Credit Union secure Mobile Deposit?
Mobile Deposit is secured by the same means as the rest of the mobile application. Images are not stored on your device.
- If I use a tablet browser to access SCU Online, will I get the same functionality as on a laptop or desktop computer?
No. Tablets have many of the same weaknesses that are observed in other mobile devices such as smartphones. For this reason, all security restrictions that apply to a phone's app also apply to tablets.
- If my mobile device is lost or stolen, can anyone access my banking information or take control over my account and identity?
If you mobile device is lost or stolen after authentication, the account cannot be accessed without the username and password or biometric credential approval. You should contact SCU as soon as possible to explore risk mitigation actions.
- What controls are used to prevent unauthorized access to member's accounts in MySCU Mobile Banking apps?
The MySCU Mobile Banking app uses out-of-band multifactor authentication to authenticate users at login.