The convenience and fluidity of access that mobile devices promise makes them one of the most sought after platforms for banking and mobile commerce. A recent study by IDC shows an estimated growth of 49.2% in the worldwide Smartphone market. This implies that these devices are being used for just about everything. What this also suggests is that, there will be challenges where security and privacy of the users and the service providers are concerned.
Mobile banking is carried out mostly in three ways: Using dedicated mobile banking apps, through the mobile browser and by simply sending an SMS. And there are risks involved in all of these.
Banks have to meet the staggering pressure of giving the right functionality to their customers without giving the farm away to criminals. The customers have to decide whether an app is safe enough to use. These situations would make any cyber criminal jump for joy!
Here’s a brief explanation of the issues that challenge mobile banking:
- Mobile device malware: Incorporated with key loggers and the ability to record SMS and phone conversations; it can also be used as a channel to exploit corporate networks.
- Lack of multi-layer security: There is no simultaneous effort to keep up with emerging threats.
- Mobile platform vulnerabilities: Unpatched OS, malicious apps installed in the mobile device further amplifies the risk scenario.
- More players, more risks: A mobile system is dependent on a number of players such as device manufacturers, operating systems, network operators, application developers, etc. many of which fall outside the scope of core financial services. Man-in-the-middle attacks can take place when the end user is downloading a mobile banking app from the bank's server or accessing the server.
- Even legitimate mobile applications have a long way to go. Reportedly, some of these apps still store client usernames and passwords in rich text formats.
- Privacy issues, especially those revolving around geo-location issues need to be addressed. Financial institutions have to balance convenience with security and fraud prevention.
- If your precious device stays behind in the backseat of a cab or you leave it in a café and your online banking apps or sites are set to automatic logins, then a cybercriminal could potentially access your account.
The idea is to be aware so that you can enjoy the convenience of mobile banking without compromising on your security.
- Set an auto-lock to your device and use a password.
- If your device is not secure, don’t save personally identifiable information or other valuable data in it.
- Don’t SMS your bank account number. Delete SMSs sent from your bank.
- Don’t distribute your bank information to others.
- Use a legit app from your bank. This will ensure that you visit the appropriate site and not get caught in a phishing attack.
- If you have to use Wi-Fi connections in public places to access your bank account, ensure that you change the passwords immediately.
- Regularly check your financial statements for irregularities.
- Read user reviews of banking apps before you download them. Report any apps that may be spoofed.
- Jail-breaking or hacking your mobile device exposes it to malware attacks.
- Use an effective mobile security product that brings you real-time protection against malicious apps, threats, anti-theft, call and SMS blocking features.
Mobile devices are no longer just phones - they are computers in their own right. Financial institutions and customers need to be aware of the potential security risks associated with them. Understanding the issues that plague mobile banking helps the customer to make safer and wiser choices.