Smartphones are a trove of information for identity thieves. Unfortunately, most smartphone users aren't doing enough to protect the personal information on their devices, setting themselves up to be victims if their phones are lost, stolen or even innocently borrowed by acquaintances.
A 2013 LifeLock survey found that about 40 percent of smartphone users in the United States didn't understand information security well enough to protect the personal data stored on their phones. Thirty-six percent said they didn't use basic smartphone protection features, such as enabling remote wipes or setting passcode locks.
MORE:Best Android Anti-Virus Software 2014
Such lack of awareness didn't stop 44 percent of users in the Lifelock survey from storing and transmitting sensitive information, such as banking and financial data, on the devices. With 70 percent of American adults owning at least one smartphone, that's a lot of opportunity for identity thieves.
So many smartphones, so many identities to steal
The chances for identity theft via smartphone are greater than many of us realize. David Lindner, global practice manager of mobile application security services for Aspect Security in Columbia, Md., pointed out that there are now more cellular subscriptions than there are people in the world. That means a lot of devices chock-full of personal information.
People are also sloppy with those phones, Lindner added, with 113 devices lost every minute of every day in the United States. That's akin to handing over your house keys to a criminal and inviting him in.
"Smartphones are the ideal gateway to people's private lives, where we store not only music and videos, but also sign in to social media accounts, online banking, email and even company data," said Santiago Pontiroli, security researcher at the Argentine branch of Moscow-based antivirus maker Kaspersky Lab.
"A big risk is the potential theft of sensitive information, like account passwords, contact information and personal data," he added. "Other risks include financial loss or having your phone used as a catalyst to steal information from others."
Even two-factor authentication, often touted as a security magic bullet, becomes useless if a phone is lost or stolen, Pontiroli said.
"If the device is not immediately noticed missing (or properly secured)," he said, "it could mean the compromise of other accounts protected by the device."
Trade convenience for reduced risk
A smartphone is like having a personal assistant tucked into your purse or pocket. Want to remember the wine a friend served for dinner? Take a picture of the bottle or jot down the vineyard's name in a note-taking app, and, voilà, the information will be at your fingertips when you visit the wine store.
Think your best friend's birthday might be soon? Store her birth date and address in your contacts, then go to her favorite online store to buy a gift, and punch in the credit-card information you also keep stored on the phone.
But by putting a credit-card number on a phone, you're already getting into trouble. And it could be worse. Can't remember your Social Security number? You definitely know you shouldn't keep that on your smartphone, but for many people, convenience wins out.
All this convenience creates risks. To prevent risk of identity theft, you may have to accept some inconvenience.
Pontiroli said there are pieces of information that should never be stored on a smartphone. They include Social Security numbers, passport and driver's license numbers, passwords and user names, bank account information and your home address and full birth date — any piece of information that could provide personal details of your life to a criminal.
Even syncing your phone to cloud-storage services that holds such personally identifiable information can be risky, especially if the files stored in the cloud aren't encrypted. And don't forget about the sites you access via your smartphone.
"Because a lot of your email and social media accounts are set to keep you [permanently] signed in on the device for convenience, a lost device means someone will have direct access to a variety of your accounts once they get past the initial lock screen," said Sean Sullivan, security adviser at antivirus company F-Secure in Helsinki, Finland.
How to make sure you're not a victim
It isn't just what's stored on the phone that has to be protected; you also need to be careful on how that information is transmitted to other devices and services.
"It isn't about the types of data being transmitted, it is about how securely the data is transmitted," Lindner said in an email message.
"A mobile device has many different protocols (Bluetooth, Wi-Fi, cellular, NFC, RFID) and users must be acutely aware of how an application, or their device, transmits their sensitive data," he said. "Transmission from a mobile device is no different than transmitting from your Web browser or your personal computer."
Smartphone users can reduce the risk of identity theft with a few simple actions.
— First and foremost, use the security functions that are already built into the phone, such setting up a PIN or password lock to access the phone's features.
— Always log off websites and email services when you finish using them, and never set up websites to auto-remember passwords.
— Install mobile security software that scans apps for malware and allows you to remotely "wipe" the device of personal data if it goes missing.
"Mobile devices can hold a lot of information," Pontiroli said. "But just because you are able to do it, [it] doesn't mean you should carry all your digital life on your phone."