Mobile Transforming Banking amid Fraud Concerns
Mobile has revolutionized how business is done in many sectors, including banking. Given the nature of their business, banks and financial services firms should be concerned about the kinds of attacks and fraud they’re susceptible to, which are also evolving steadily as we speak.
Let’s discuss further.
Fraud Trends at Present
Fraud trends in mobile today include highly sophisticated malware. Attackers are exploiting the new mobile services that banks are offering to consumers.
PCs continue to get steam-rolled, as about 50% of logins at major US banks take place through native banking apps. As a result, more fraudsters and hackers are attempting to cash in on services like peer-to-peer payments and mobile deposits on mobile websites and native apps.
What’s more worrisome is how mobile malware is growing, particularly on Android. Malware is generally designed to acquire user credentials, which attackers use to take control of accounts and cause financial damage; unfortunately, more advanced variants can now leverage SMS balance checks to carry out phishing attacks and keylogging, and come with ransomware capabilities as well.
Shift to Mobile Increasing – Next Fraud Trend
Even though, relative to PCs, there haven’t been too many fraud cases stemming from tablets or smartphones, mobile fraud will likely grow in the coming years. Services targeting mobile consumers are constantly expanding and an unfortunate reality is we may see more attacks since many mobile app features are primarily designed for convenience, not security.
To give you a broader picture, here are three basic forms of fraud committed from time to time in the mobile banking industry:
1. Mobile malware continues to rise – new variants are emerging and they are significantly more sophisticated than their predecessors. Whether it’s through a common scheme or a phishing site, malware attacks are notorious for stealing sensitive consumer information.
As an example, you launch your banking app and get redirected to a phishing site, which asks for account credentials as well as other “required” info like SSN, PIN, credit card number etc. Keylogging can also be used to nab login details.
Every malware variant that exists today employs one of these methods to steal credentials and vital data.
2. From a convenience and service perspective, mobile deposit capture has always been a consumer favorite. However, there is cause for concern at top banks, as the risk assessment and security teams are not completely familiar with marketing initiatives when such services are being developed.
An unfortunate aftereffect of this is that risk mitigation experts are left out of the loop when it comes to eliminating security gaps in new app features and functionality. They ought to be consulted throughout the development process when new mobile offerings are introduced.
3. Another growing threat is social engineering carried out with the aid of links, calls and emails; attackers are starting to exploit relationship backgrounds in order to mask their fraudulent attempts and make them appear legitimate.
Attacks today go well beyond messages with zero personalization and misspellings. You will now see attacks that exploit personal information and look unbelievably legit. What’s even more disturbing is that fraudsters can use this information to trick users into providing data that completes the entire puzzle. This is then used to get into accounts and carry out online transactions without the account holder’s consent.
Banks Need to Protect Themselves and Consumers
In the event of fraud, the first ones to take a hit are your customers. To prevent invaluable relationships from going to waste, your bank should incorporate multiple layers of security by implementing controls that are constantly fine-tuned to identify and prevent fraudulent access.
This multi-layered approach involves a potent risk engine combined with device intelligence, which should be present across every online and mobile channel. Owing to recent breaches, compromised data is available in abundance – it’s going to take a lot more than just relying on passwords and usernames, up-to-date identity information and basic authentication to protect account holders from fraud.
Most enterprises are anteing up by incorporating several complementary controls to satisfy security needs and curb user inconvenience. As you can imagine, this is more of a balancing act than anything else, though technologies such as SMS tokens and device intelligence are starting to see wide adoption.
Native app technologies like biometrics and geo-location are showing a lot of promise as far as mobile security goes. However, they are often seen as more intrusive than necessary, unless consumers are performing transactions which require an unusually high amount of security. Another caveat is that these solutions are essentially “opt-in only” for now, so there’s no telling if adoption will be as widespread as desired.
The faster banks roll out technologies focusing on authenticating genuine users in a quick and convenient way, the better it will be in the long run, for both entities. Covert device intelligence is a good contender for this case as well – friction is limited and it has the ability to provide a seamless user experience across all channels with online connectivity, not just mobile.
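The layered approach described above (a risk engine fed by device intelligence, with SMS tokens or biometrics reserved for riskier activity) can be sketched as follows. This is an added example, not code from the original article; the signal names, weights, thresholds and sample data are hypothetical and chosen for illustration.

```python
from dataclasses import dataclass

# Hypothetical weights and thresholds, chosen for illustration only.
WEIGHTS = {"new_device": 35, "rooted_or_emulated": 30, "unusual_country": 20,
           "sensitive_action": 15, "amount_above_typical": 20}
SENSITIVE_ACTIONS = {"p2p_payment", "mobile_deposit", "add_payee"}
STEP_UP_AT, DENY_AT = 30, 80

@dataclass
class Profile:            # what the bank already knows about the account holder
    known_devices: set
    usual_countries: set
    typical_max_amount: float

@dataclass
class Event:              # one login or transaction, with device-intelligence signals
    action: str
    device_id: str
    country: str
    rooted_or_emulated: bool = False
    amount: float = 0.0

def signals(event, profile):
    """Return the names of the risk signals this event triggers."""
    checks = {
        "new_device": event.device_id not in profile.known_devices,
        "rooted_or_emulated": event.rooted_or_emulated,
        "unusual_country": event.country not in profile.usual_countries,
        "sensitive_action": event.action in SENSITIVE_ACTIONS,
        "amount_above_typical": event.amount > profile.typical_max_amount,
    }
    return [name for name, hit in checks.items() if hit]

def decide(event, profile):
    """Map the summed signal weights to allow / step_up / deny."""
    hits = signals(event, profile)
    score = sum(WEIGHTS[name] for name in hits)
    if score >= DENY_AT:
        verdict = "deny"
    elif score >= STEP_UP_AT:
        verdict = "step_up"      # e.g. SMS token or biometric prompt
    else:
        verdict = "allow"        # no added friction for the user
    return verdict, score, hits

# Constructed sample data (not real customers or devices).
PROFILE = Profile({"dev-a1"}, {"US"}, 500.0)
if __name__ == "__main__":
    for ev in (Event("balance_check", "dev-a1", "US"),
               Event("p2p_payment", "dev-z9", "US", amount=120.0),
               Event("p2p_payment", "dev-z9", "XX", True, 2500.0)):
        print(ev.action, ev.device_id, decide(ev, PROFILE))
```

A familiar device doing routine activity passes silently, while an unfamiliar device attempting a payment is asked for a second factor, which is the balance between security and user inconvenience the section describes.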