By 2021 , millions more of us will be doing our banking on smartphones and tablets , researchers say . The number of mobile bank app users is expected to leap 53 % in the next four years . So far , mobile banking has been a pretty secure experience . Mobile app breaches represented less than 3 % of all computer records hacked last year , according to the Identity Theft Research Center , a San Diego tracking firm . But don ’ t get cozy . A veritable flood of consumers is heading for mobile , according to Juniper Research . It predicts over 3 billion people around the world will be banking on mobile by 2021 — quite a lure for hackers who target financial apps . That means more people are likely to fall prey , so bank customers will need to be ready to protect their devices and their bank accounts . Criminals try to access mobile apps in a number of ways . When a mobile app communicates with a financial institution ’ s server over the internet , the app verifies the bank ’ s or credit union ’ s identity by checking its server certificate . With a man-in-the-middle attack , fraudsters will try to “ listen in ” on this network traffic , perhaps by accessing the same public Wi-Fi network as the mobile user , and attempt to send Attack.Phishing a fake bank server certificate to the mobile app . If the app accepts the fake certificate , it could let the hacker receive the user ’ s personal information . When installed on a mobile device , key logger programs secretly record a person ’ s actions as he or she uses the device . With a banking app , the malicious software could log your account names , numbers and passwords and send them to a hacker . It ’ s been around for years , but this tried and true hack is still popular with criminals , says Doug Johnson , senior vice president of payments and cybersecurity policy at the American Bankers Association . It occurs when a fraudster pretends to be Attack.Phishing a legitimate financial institution that asks a mobile user to submit private bank information . Many phishing attempts Attack.Phishing bypass mobile apps completely . A hacker could send Attack.Phishing emails telling people their account is locked and asking them to reply to the message with their account username and password . But the account isn ’ t locked , and the information a person sends would go to the criminal , not the bank .