What are security issues about sending bank alerts via email/SMS?


Banks offer to send alerts for each transaction happening on a customers account. My bank is offering three options: SMS alerts, email alerts and push alerts into their own app. Only sms alerts are free of charge. The other options are a very small fee each time a transaction happens.

Could scammers make much out of transaction alerts containing the transaction’s IBAN, the amount and sender and recipient?

Besides that, what is the wisest choice between the options? Email notifications could be intercepted if the scammers gain control of my email account. I might not receive emails while traveling in an area with low reception, while sms still come through.

SMS might be problematic if my phone gets stolen with the sim card. So there’s no way to be informed (but also no good way to authenticate myself to the bank to halt all transactions).

The bank app is not good because it relies on me having a smart phone and an internet connection. The bank states that email and sms will be send unencrypted (as usual), this option is not clear, but it probably will be.

Which of these options offers the most unlikely scam scenarios?