The future of banking is increasingly mobile. As mobile banking grew from 11% in 2012 to 31% in 2017, banking from a desktop decreased from 81% to 79%. A key driver of this transition is the convenience for banking customers, but this trend benefits banks and credit unions too. Compared to consumers who don’t use a banking app, customers who are highly satisfied with their mobile banking experience are a lot more likely not only to refer that bank to others, but also to purchase another financial product from their bank.
Money on the Move: Surveying the Mobile Banking Fraud Threat Landscape
As they hustle to serve their existing customers and attract new ones, banks have no choice but to maintain a mobile-first focus. Doing so will protect their growth; the percentage of smartphone users who’ve reported using some form of mobile banking has increased from 36% to 60% over four years. Banks are obligated to understand the mobile banking fraud threat landscape and plan their mobile banking rollout, protecting their reputation and assets.
Authorities in the UK reported last year that the number of online banking fraud cases in 2016 exceeded 20,000, with the amount of money lost to fraud that year totaling £102/$142 million. And this is despite all the commonplace security measures (strong password rules, 2FA, HTTPS, max limit of failed logins, etc.).
This new channel is already on the fraudsters’ radar: losses from online banking fraud exceeded those from telephone banking fraud (£32.3/$45 million); mobile banking fraud during that same year came in at slightly more than £2.8/$3.9 million.
The Continual Fight Against Online Banking Fraud
Financial institutions should remain vigilant to the prevalent threats to online banking platforms, keeping in mind that perhaps the biggest threats to both the bank and its customers are the customers themselves. As Gottfried Leibbrandt, CEO of SWIFT, the financial messaging vendor, commented, “the weak link will always be the customer at the end of the day.”
Customers can be duped into sending fraudsters money from their accounts via telephone, web, and mobile channels, as the UK banking fraud numbers above clearly attest. As the $81 million heist of the Bangladesh Central Bank in 2016 showed, hackers can use customer accounts as stepping stones to large-scale fraud.
The Unique Challenges of Combating Mobile Banking Fraud
With the explosive growth of mobile banking apps and the ever-evolving tactics of criminals, securing mobile banking applications against fraudulent attacks is becoming more important than ever. Fraud has followed accelerated mobile banking adoption, and a survey released by RSA in 2016 showed that over half of all confirmed fraudulent transactions originated on mobile.
The current mobile banking fraud threat landscape presents several unique security challenges:
- Mobile users aren’t as security conscious on their mobiles as they are on their desktops or laptops.
Perhaps this stems from a failure to perceive smartphones as general purpose, connected computers. As a result, users often don’t install anti-virus, fraud protection, or other security software on their phones.
- Millennials are more lax about sharing personal information online.
Cybercriminals are adept at piecing together information gleaned from social media and other publicly available sources. They then use this intelligence to guess the answers to account security questions, launch phishing attacks to harvest login credentials, infect victims with malware, and take over mobile banking accounts. Since this age group is a huge driver of the mobile banking revolution, robust solutions for securing mobile banking apps must assume that the initial username/password login will be compromised and that continuous authentication will be required.
- Like all other software, mobile banking apps will have security holes.
Even when users download official apps from legitimate app stores, millions of people will be made vulnerable, underscoring the need for mobile banking app security to look beyond the traditional digital safeguards.
- Mobile device users commonly compromise a device’s security.
Not surprisingly, they do so by jail-breaking their phones, which leaves both the devices and their bank accounts vulnerable. Whether it’s through the installation of vendor-unapproved apps or the disabling of a vendor’s security features, jail-breaking opens up several attack vectors in one fell swoop.
Bottom Line for Mobile Banking
Mobile banking, while promising more convenience to customers and revenue for banks and credit unions, increases the threat of fraud. And as financial institutions continue to combat financial crime, the rapid adoption of banking apps will continue to pose one of the greatest security challenges of the decade.