The use of mobile devices is at an all-time high. According to a KPCB report, mobile digital media is now outpacing desktop usage. The report stated that adults with access to digital media use mobile 51 percent of the time compared to 42 percent for desktop usage and 7 percent for all other devices.

These statistics are far from shocking. Walk into a bustling restaurant during lunch hour and you will see mobile devices in the hands of businesspeople, students, children, parents and even retirees. The message is loud and clear: You must be able to reach your consumers via mobile devices.

Financial institutions seeking to remain competitive and keep customer satisfaction high must offer mobile access to their customer base. According to Community Banking Connections, “Many community banks recognize the value of mobile banking — it provides them with avenues and opportunities to reach geographically remote or rural markets, to focus on new markets, to innovate, to overcome infrastructure limitations and improve efficiency, to access payment systems or even simply to retain market share.”


The Major Mobile Banking Risks

With all this opportunity comes risk. Financial institutions must assume the risk associated with mobile banking. These risks come in many forms, including malware, corrupt apps, flawed authentication, lost or stolen devices and more.

Mobile Malware

Mobile devices have evolved from telephones to pocket-sized computers. Mobile users must recognize this and protect them in the same way they would their PC. Malware specifically targeting mobile devices has become a very real and prominent threat. Mobile malware can consist of viruses, Trojans, spyware, malvertising and rootkits.


Poor App Design, Configuration or Corrupt Apps

Using mobile apps for banking tends to be safer than logging in via your mobile browser. However, every mobile platform has unique characteristics that these apps must prepare for. Developers may not fully understand the risks associated with mobile banking and accidentally leave vulnerabilities open for fraudsters to exploit as a result.

Third-party apps open users up to a multitude of risks since these programs may leverage credentials from other applications — even if these apps have weaker security in place. For example, a shopping app could leverage your banking login information (username and password) to access your bank’s services to facilitate a transaction.

Unsecure Wi-Fi Networks

Free Wi-Fi is a coveted luxury for mobile device users. It can be found in restaurants, coffee shops, airports and many other public places. But when accessing free Wi-Fi, it is important to understand that the activity you are conducting may be visible to someone else.

Hotspots may be spoofed by fraudsters. For example, your local coffee shop’s network may be called FreeCoffee. A fraudster may set up Wi-Fi at or near that location called FreeCoffee1 to trick you into using that network.

According to the Financial Consumer Agency of Canada, “When using public Wi-Fi hotspots, you could also expose yourself to packet sniffers. Thieves using packet sniffers want your banking details and your personal information, such as your name, address or phone number. These personal details may be harmless on their own, but once they are combined, you can be at a higher risk for fraud.”
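
The FreeCoffee / FreeCoffee1 case above can be checked for mechanically. The following Python sketch is an added example, not part of the original article: it compares scanned networks against a list of known-good network names and access point addresses. The BSSIDs, the scan rows and the function names are constructed for illustration.

```python
# Added example: flag Wi-Fi networks whose names imitate a trusted SSID.
# All SSIDs, BSSIDs and scan rows below are constructed sample data.
import re
import unicodedata

def normalize(ssid: str) -> str:
    """Fold case, Unicode compatibility forms and separators so that
    'Free_Coffee' and 'freecoffee' compare equal."""
    folded = unicodedata.normalize("NFKC", ssid).casefold()
    return re.sub(r"[\s_\-.]+", "", folded)

def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance using two-row dynamic programming."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def classify(scan, trusted, max_distance=2):
    """Return {(ssid, bssid): verdict} for each scanned network.
    trusted maps an SSID to the set of BSSIDs known to serve it."""
    verdicts = {}
    for ssid, bssid in scan:
        verdict = "unrelated"
        for good_ssid, good_bssids in trusted.items():
            if ssid == good_ssid:
                # Exact name: only the known access points are expected.
                verdict = "trusted" if bssid.lower() in good_bssids else "same-name-unknown-ap"
                break
            if edit_distance(normalize(ssid), normalize(good_ssid)) <= max_distance:
                verdict = "lookalike"
        verdicts[(ssid, bssid)] = verdict
    return verdicts

TRUSTED = {"FreeCoffee": {"02:00:00:aa:bb:01"}}
SCAN = [
    ("FreeCoffee", "02:00:00:aa:bb:01"),    # the shop's own access point
    ("FreeCoffee1", "02:00:00:cc:dd:02"),   # the spoofed name from the text
    ("FreeCoffee", "02:00:00:ee:ff:03"),    # same name, unknown hardware
    ("Free_Coffee", "02:00:00:11:22:04"),   # separator variant
    ("AirportGuest", "02:00:00:33:44:05"),  # unrelated network
]

if __name__ == "__main__":
    for net, verdict in classify(SCAN, TRUSTED).items():
        print(net, verdict)
```

A BSSID can itself be cloned, so a "trusted" verdict is a hint rather than proof, and sensitive sessions should still rely on encrypted connections.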

Mobile Device ID Vulnerabilities

Many financial institutions work to gather the device fingerprint for each mobile unit the customer uses. This involves collecting information about the device, which is then stored in a system to identify the true customer from a potential fraudster. However, fraudsters are a dynamic bunch of bad actors and have developed ways of fooling device fingerprinting methods.

Remote Deposit Capture Fraud

Check fraud is not a new issue. In fact, it remains one of the biggest types of fraud within a financial institution.

Remote deposit capture allows for users to snap a picture on their mobile device and deposit a check. While financial institutions have put rigid customer agreements and monitoring of this technology in place, fraudsters have found flaws in the system. For example, they have found ways to access the remote-deposit database, copied the images of thousands of checks and provided those reproduced checks to money mules to be moved out of the financial system.

Analyst Thoughts

An IBM study found 58 percent of security experts at financial institutions ranked mobile concerns as a risk indicator inhibiting their organization’s full deployment of a mobile security strategy. However, there are steps financial institutions and other consumer organizations can take to reduce their mobile fraud risks.

Organizations must better align their new-to-market technology teams with their security teams. Competition to introduce the latest and greatest thing to market will always be high, and organizations tend to fear that security teams will greatly slow down their go-to-market plans. By connecting these key players early in the development process, many risks can be identified while the product is being created.

Organizations must adopt mobile malware detection and technology solutions. Having the right tools in place to stop threats is key to safeguarding consumers and financial institutions alike. Take First Data Corporation as an example: It is one of the largest payment processing organizations in the world, working with about 6 million businesses and 4,000 financial institutions worldwide. It takes its security practices very seriously and works to identify best-in-industry business processes and solutions. It believes in taking a holistic approach to security, compliance and risk management.

To do this, it tracks mobile device usage and uses analysis to determine whether to allow access to the consumer’s banking information. First Data Corporation proactively manages threats to ensure safety, but with no interruption to the consumer’s process.

Advancements in mobile technology allow people to do a number of things. They can obtain information and resources from their organization from any location to enhance business productivity. They can pay bills, purchase clothing, talk to family and friends, check social media and much more.

New technology has the ability to increase productivity and profits. With these benefits come risks — and it is important to get in front of them before they strike!

