YONKERS, NY – A new Consumer Reports evaluation of mobile banking apps found that most of the digital banks it examined provided consumers with free checking and savings accounts and tended to provide higher interest rates while traditional banks offered more financial well-being tools and features. CR found that all of the mobile banking apps it examined share more customer data than is necessary for their services, and some apps are not accessible to Spanish speakers and people with disabilities and don’t clearly explain their fraud monitoring and notification policies. See: CR’s Which Banking App is Best For You?
“Mobile banking apps are widely popular and have become an essential tool for how people manage their financial lives,” said Delicia Hand, financial fairness director at Consumer Reports. “Many Americans rely on mobile banking apps for everything from checking their balances and monitoring transactions to paying bills and depositing checks.”
Hand continued, “While these apps offer convenience and other important benefits, banks and fintechs should limit the collection of sensitive personal data and give consumers more control over how their financial information is shared with other companies. Some of the apps we examined could be enhanced by eliminating account maintenance fees, improving accessibility for people with disabilities and non-English speakers, and providing clearer disclosures about how banks monitor fraud and notify customers when suspicious activity is detected.”
A nationally representative Consumer Reports survey of 2,097 U.S. adults conducted in February 2023 found that 75 percent of Americans use one or more banking apps. And another nationally representative CR survey of 2,019 banking app users (2023) found that 77 percent of those who use a banking app do so at least once a week, and 32 percent use it every day or almost every day. Eleven percent of Americans who use banking apps use an online-only or virtual bank as their primary or only bank.
CR’s evaluation explored the mobile banking apps, websites, and features related to checking and savings products of five, large traditional banks (Bank of America, Capital One, JPMorgan Chase, U.S. Bank, and Wells Fargo) and five digital banking providers (Albert, Ally, Chime, Current, and Varo) that offer banking and financial products primarily through mobile apps and without physical branches. CR evaluated these ten banking apps using its Fair Digital Finance Framework and found:
Most traditional banks charge maintenance fees; most digital providers don’t: Most digital banking providers offer free checking and savings accounts without maintenance fees, while few traditional banks do. Only one traditional bank (Capital One) offers checking and savings accounts without maintenance fees; the other four (Bank of America, Chase, U.S. Bank, Wells Fargo) charge maintenance fees that may be waived under certain conditions. Digital banking providers also tend to offer higher interest rates on their savings accounts, but only one digital bank (Ally) provides interest on its checking account. All of the traditional banks offer at least one checking account with interest, although the rates are nominal and these accounts tend to require higher minimal balances.
Data sharing needs controls and transparency: Almost all banking apps share more data than is necessary to provide the service, including with marketing partners and service providers, and for joint marketing purposes. Widespread data sharing leaves consumers vulnerable to data breaches, identity theft and predatory advertising. CR’s nationally representative survey of 2,027 U.S. adults in December 2023 found that 69 percent of Americans with bank accounts feel that it is very important to be able to limit the purposes for which their bank can share their banking data. Only five banking apps (Ally, Albert, Chime, Varo, Wells Fargo) provide an in-app control to turn off targeted advertising, and only one of those apps (Ally) opt-out users from targeted advertising by default.
Inconsistent availability of digital tools for financial well-being: Traditional banking apps typically offer more financial well-being tools and features than digital banking providers. CR examined whether the banking apps provide five different tools: automated savings features, such as setting up automatic transfers to savings or round-up savings; the ability to direct a portion of a user’s direct deposit to savings; budgeting tools; goal-setting features; and spending indicators. Although a number of the apps provide some of these tools, only Albert, Ally, and Bank of America provide all five.
Accessibility features are uneven across sector: Traditional Banks are more likely than digital banking providers to offer their websites, apps, and policies in Spanish. Banking websites are more likely than banking apps to have built-in accessibility features for people with disabilities.
Incomplete commitment to fraud protection: While real-time fraud monitoring practices are often in place, this is not sufficiently reflected in most company documentation. U.S. Bank and Varo do not explicitly commit to real-time fraud monitoring and providing real-time alerts to customers in the event of suspicious activity. Bank of America and Capital One commit only to providing real-time alerts while making no explicit commitment to real-time monitoring. All banking service providers supply consumer education about fraud and scams on their websites, but three of the apps evaluated (Ally, Capital One, and U.S. Bank) do not do so in their apps.
What Banks Should Do: CR recommended a number of ways banks could improve their apps:
Support consumers financial well-being by eliminating maintenance fees, embedding interactive financial health tools seamlessly into apps, and tracking financial well-being metrics as company key performance indicators
Build robust accessibility features directly into mobile apps and websites for people with hearing and vision disabilities and make apps and account information available in non-English languages, starting with Spanish.
Make explicit commitments to real-time fraud monitoring and notifications and integrate education materials about fraud and scams into the user experience.
Minimize the collection, use and sharing of sensitive personal data to what is necessary to provide the service and provide in-app controls to enable consumers to limit data sharing and targeted advertising.
What Consumers Should Do: CR offered a number of tips for mobile banking app users:
Enable two-factor or multi-factor authentication on the banking app or website: You’ll receive a one-time-use code, good for only a few minutes, that you’ll need to complete the login process. This helps assure that the correct mobile device is used with the banking account or app.
Set the app to notify you with a text for every withdrawal or deposit made to your account: This gives you a chance to quickly catch or stop fraudulent or questionable transactions.
Make sure your home internet network and devices are secure from intruders: The most important step is to enable a six-digit pin or face identification on your phone. Use strong passwords – lengthy, complex, and unique – on your wifi router, mobile phone or other device, and all online accounts. If you lose your phone with a banking app on it, alert your bank.
Keep all apps updated along with your operating system: Turn on Automatic Updates on your phone. For phone operating system updates on the iPhone, go to General, then Software Updates, and then select Automatic updates. For Androids, go to Settings, then Software Update, then select Auto Download over WiFi. For apps used by both iPhones and Androids, go to Settings, then App Store, then turn on Automatic updates for the latest security patches.
Manage your devices security settings: At a minimum, set your phone or other device to lock after a minute to assure no one can quickly access it if you misplace or lose it. Next, on an iPhone or tablet, go to Settings, select each app and turn off any features it doesn’t need to access in order to function, including camera, microphone, and location tracking. To do this on Android phones, scroll down to Apps, select each app, and turn off features it doesn’t need to access in order to function, including the camera, microphone, and location tracking.
For a more complete explanation of CR’s findings and recommendations, see Banking Apps: A Case Study for a Digital Finance Standard. CR’s evaluation of mobile banking apps builds on recent evaluations of peer-to-peer (P2P) payment systems and buy now, pay later (BNPL) services. See cr.org/digitalfinance for more information.
Michael McCauley, michael.mccauley@consumer.org