For the first time ever, there are more people using mobile banking apps than people who actually go into their bank branch, according to a new survey by Javelin Strategy & Research.
This comes as hardly a surprise; even tiny banks are now able to offer day-to-day services, like check depositing or account management, on a mobile device via third-party software providers. However, banks aren’t entirely abandoning their branches yet because with all the convenience and expected safety of mobile banking apps and even online banking, security remains a concern.
Banking fraud expert Julie Conroy of The Aite Group warns that “as additional people flock to the mobile channel and transactions multiply, the bad guys are paying attention and deploying more attacks against it.” The best way to protect private information and data is to know the risks of baking via mobile devices and Internet connections, including the following:Malware attacks. Banking apps, like most apps, can be targets of malware attacks, which are designed to raid apps and commandeer sensitive data. Unprotected binary code in mobile apps can be directly accessed, examined, modified, and exploited by attackers. Rogue apps. Hackers create fake apps designed to look similar to the originals; any confidential information entered into one of these apps is fair game for theft. SIM swaps. According to Mint Money, mobile phone numbers have become an important tool to access financial details, and fraudsters can get ahold of this by duplicating SIM from an individual’s telecom services provider by using a fake ID. Auto-saved passwords. This applies to both home computers and mobile devices: don’t tell the login to “remember you” on each visit. Doing so gives anyone with physical access to the device admission to personal funds. Misconfigured Certificates. It is critical that a bank uses a SSL Certificate to encrypt information in transit, which is one of the most important factors when it comes to sensitive financial information. If a bank does not keep SSL Certificates updated on their website, or if the certificates are misconfigured or incorrectly installed, the connection is then vulnerable for eavesdropping.
For example, Global security firm Xiphos Research looked into UK high street banks and their implementations of SSL Certificates, and more than half of the UK’s retail banks have unsecure cases of SSL. In fact, of the 22 retail banks examined in the research report, 50% were found to have unsecure SSL instances. This makes it much easier for cyber criminals to access private financial data during the user’s log in process.
The following are precautions for both businesses and individuals to adhere to when it comes to trusting online banking websites and mobile banking apps:
Understanding the risks of banking via Internet connection on a home computer or a mobile device is critical to keeping access to confidential information and individual accounts private. It is important to remember that while many banks and financial institutions do use various tools to prevent fraud, some, as discussed above, are not as careful.