two female presenting people looking at a phone while standing on a bus.

From Passwords to Biometrics: Evolving Security in Mobile Banking

Cyber security measures have been evolving continuously over the past 50 years, starting as a response to the first computer virus in 1971, as well as the birth of online “phishing” in the 1990s. Starting with passwords and passcodes, cyber security has evolved to include multi-factor authentication, biometric technology, and other mechanisms designed to protect individual users, businesses, and the computer systems that serve them. 


Mobile banking technology continues to develop alongside other digital capabilities, and at PCB we work hard to provide our customers with the latest benefits, from same-day Mobile Check Deposit to Mobile Wallets to allow you to securely and conveniently make payments with a tap of your phone. We also strive to help them to ensure a safe and simple experience, from answering common questions like “How do I change my password?” to providing tips for banking safety.  


In this post, we’ll explore the evolution of mobile banking safety protocols, and additional steps you can take to keep your online accounts protected. Keep reading to learn more! 

As of May 2021, mobile banking adoption has grown to 95% among Gen Z, 91% among millennials, 85% among Gen X, and 60% among baby boomers. (Cornerstone Advisors)

Traditional Mobile Banking Safety Measures 

One of the major hesitations of using digital and mobile banking is over security concerns. Any time that access to financial information can become more remotely accessible, it may be seen as a target by criminals for fraud. However, leaning on existing built-in security measures and following a few precautionary steps can mitigate much of this risk. 


Let’s first take a look at traditional security protections that still make up the backbone of online and mobile account access—and how to make the most of them to keep your accounts safe. 



Passwords are secret combinations of characters (letters, numbers, and symbols) which you choose to gain (and limit) access to your mobile accounts. They serve as the first line of defense against security breaches, ensuring that only authorized users can access the account.  


However, if you reuse your passwords for other accounts, your password is easily guessable, or you mistakenly give your password to an outside party, hackers and other criminals can use it to get into your accounts. 


Never give your password to anyone—even someone who purports to represent your financial institution (we will never ask!). Additionally, creating strong passwords is essential to keeping accounts secure. Combine a mix of uppercase and lowercase letters, numbers, and symbols to resist unauthorized access, never reuse passwords, and consider using a password manager to create and store strong passwords.  

31% of surveyed respondents stated they would continue to use more online and mobile banking in the future. (FIS)

PINs (Personal Identification Numbers) 


PINs are numerical codes, usually four to six digits, used to authenticate a user's identity. When you open an account, you may be asked to create a PIN. PINs provide an additional layer of security where users may need quick and convenient access, especially in mobile banking or when using a debit card for payment or in an ATM. 


Like passwords, secure PINs should be chosen—and it’s important to never reuse a PIN. Avoid using easily guessable combinations like birthdates or sequential numbers. If you write down your PIN, keep it in a secure location (not your wallet!). And never give your PIN to anyone—even individuals who claim to be from your financial institution. 

Security Questions 


Security questions are personalized questions chosen by users during the account setup process. They act as a secondary authentication method, often used for account recovery or additional verification. 


Answers should generally only be known only to the account holder and not easily guessable, publicly available, or easily discoverable. Never share your answers with anyone—even someone who claims to represent your bank.  

Multi-Factor Authentication 


Multi-Factor Authentication (MFA)—also referred to as Two-Factor Authentication (2FA)—is a security measure put in place by financial institutions and other companies that handle sensitive data, to help protect user accounts. A relatively new player to the security front for mobile banking, MFA is now commonplace for many online and mobile accounts. The “multi” or “two” in the name refers to the fact that to effectively log in, users must provide two or more forms of identification or personal verification. 


The first factor typically involves entering standard login credentials like a username and password. The second factor varies—sometimes it’s a temporary code sent to the user's registered mobile device via text, app notification, or email. Other times it might involve biometric data such as fingerprints or facial recognition (more on this later). The combination of these factors makes it more challenging for unauthorized individuals to access mobile banking accounts, especially during high-risk activities like logging in from a new device or conducting sensitive transactions. 


MFA or 2FA can help ensure unauthorized users can’t access your accounts. However, if you receive a code to your phone, just as with a password, do not provide your code to anyone—even someone who claims to represent your financial institution. 

Biometric Advancement: Fingerprints to Face Scans 

Biometric security measures for mobile banking utilize your unique physical or behavioral characteristics—like your voice, face, eyes, or fingerprints—to authenticate your identity. These measures add an extra layer of security by replacing or supplementing traditional passwords and PINs. When users enroll in biometric authentication, their unique biometric data is captured and stored securely to be used for futute login attempts. Because the traits used for biometric authentication are highly individualistic, it makes it difficult (if not impossible) for unauthorized individuals to replicate or use someone else's biometric data to gain access to their mobile banking accounts. 


To use biometrics safely for mobile banking, make sure your mobile device has robust security features and is protected (only unlockable) by a strong passcode or PIN—as sometimes you may be able to bypass biometrics by using this passcode. Additionally, regularly update your device's operating system and the banking app to benefit from the latest security patches and enhancements, and never share your biometric information or mobile banking credentials with anyone. 

As of Fall 2020, 44% of retail banking customers stated they prefer using their primary institution's mobile app regularly, and 3 out of 4 said they use mobile banking apps at least once a month.

Taking Charge of Your Mobile Banking Security 

Even with enhanced security measures, mobile banking may still be susceptible to security risks such as phishing attacks, malware, and unauthorized access. Here are a few important measures to follow to minimize your risks.  

Protecting Your Device 

Your first line of protection against mobile banking fraud is keeping your device secure. Here are a few simple things you can do: 

  • Lock Screen: Use a lock screen that engages after brief periods of inactivity. Less than three minutes is recommended. 
  • Passcode: Have a strong passcode that is not easily guessable required to unlock your device. Don’t share it with anyone. 
  • Biometrics: Set up facial or fingerprint recognition to unlock your device for easy and secure access. 
  • Wi-Fi: Don’t use public Wi-Fi. Use your device’s data plan instead. 
  • Loss or Theft: If your device is lost or stolen, report it to Apple or Google immediately, as well as your financial institution if you have a mobile banking app or wallet. 

Password Theft, Phishing, and Cyber Fraud 

Cyber criminals go to great lengths to gain access to accounts, often creating elaborate social engineering schemes to steal passwords, bank and credit card account information, and access codes or trick individuals to send payments for fraudulent purposes. 


Posing as legitimate institutions or companies and using email, text messages, social media messages, and even phone calls, criminals will “phish” for your personal information that allows access to your accounts, from contact information to passwords and account numbers. Criminals may also ask you to send money or try to get you to download attachments or click on links that open downloads that contain malware.  


Often these attempts contain a sense of urgency. To avoid falling victim, never respond to urgent requests by providing information, sending money, downloading attachments, or clicking on links. Instead reach out to the company, organization, agency, or financial institution to verify the request. Never directly share your personal information. 

At PCB, we prioritize cyber security to protect you from online fraud and keep your accounts safe with the latest technology and updates.

Remain Vigilant 

Awareness is one of your best weapons when dealing with account fraud. Always: 

  • Check bank and credit card statements. On a regular basis (at least monthly), review your transactions for unusual activities. Report any suspicious activity to your financial institution or credit card company immediately. 
  • Keep up with the latest scams. At PCB we strive to provide useful information to our customers to help protect their accounts and keep them safe from fraud. Read our regular blog posts and check out our resources including our tips for Protecting Your Identity, Fraud Protection, and Mobile and Online Banking Safety. 
  • Contact authorities when you suspect fraud. If you think you are the victim of financial fraud, contact your financial institution right away. The sooner you reach out for help, the better the chances that you can stop additional fraud, regain your lost funds, or prevent the next victim. 

How PCB Can Help 

At PCB, we know that cyber security awareness is key to safeguarding yourself against online fraud and identity theft, and we work hard to provide robust account protections for your mobile accounts and keep you up to date on the latest technologies and threats. 

Questions about account security? Need assistance with your online account or mobile app? Reach out to us at any time, or stop by a branch in West Virginia or Virginia today! We’re glad to help.