June 7, 2016 By Brooke Satti Charles 4 min read

The use of mobile devices is at an all-time high. According to a KPCB report, mobile digital media is now outpacing desktop usage. The report stated that adults with access to digital media use mobile 51 percent of the time compared to 42 percent for desktop usage and 7 percent for all other devices.

These statistics are far from shocking. Walk into a bustling restaurant during lunch hour and you will see mobile devices in the hands of businesspeople, students, children, parents and even retirees. The message is loud and clear: You must be able to reach your consumers via mobile devices.

Financial institutions seeking to remain competitive and keep customer satisfaction high must offer mobile access to their customer base. According to Community Banking Connections, “Many community banks recognize the value of mobile banking — it provides them with avenues and opportunities to reach geographically remote or rural markets, to focus on new markets, to innovate, to overcome infrastructure limitations and improve efficiency, to access payment systems or even simply to retain market share.”


The Major Mobile Banking Risks

With all this opportunity comes risk. Financial institutions must assume the risk associated with mobile banking. These risks come in many forms, including malware, corrupt apps, flawed authentication, lost or stolen devices and more.

Mobile Malware

Mobile devices have evolved from telephones to pocket-sized computers. Mobile users must recognize this and protect them in the same way they would their PC. Malware specifically targeting mobile devices has become a very real and prominent threat. Mobile malware can consist of viruses, Trojans, spyware, malvertising and rootkits.


Poor App Design, Configuration or Corrupt Apps

Using mobile apps for banking tends to be safer than logging in via your mobile browser. However, every mobile platform has unique characteristics that these apps must prepare for. Developers may not fully understand the risks associated with mobile banking and accidentally leave vulnerabilities open for fraudsters to exploit as a result.

Third-party apps open users up to a multitude of risks since these programs may leverage credentials from other applications — even if these apps have weaker security in place. For example, a shopping app could leverage your banking login information (username and password) to access your bank’s services to facilitate a transaction.

Unsecure Wi-Fi Networks

Free Wi-Fi is a coveted luxury for mobile device users. It can be found in restaurants, coffee shops, airports and many other public places. But when accessing free Wi-Fi, it is important to understand that the activity you are conducting may be visible to someone else.

Hotspots may be spoofed by fraudsters. For example, your local coffee shop’s network may be called FreeCoffee. A fraudster may set up Wi-Fi at or near that location called FreeCoffee1 to trick you into using that network.
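A defender-side check for the FreeCoffee/FreeCoffee1 case above, as an added example that is not part of the original article: it flags scanned networks whose names are near-duplicates of a trusted name, and networks that use the trusted name from an access point not seen before. The trusted list, the BSSIDs and the distance threshold are constructed assumptions.

```python
import unicodedata

# Constructed sample data: networks the user trusts, with their known access-point BSSIDs.
TRUSTED = {"FreeCoffee": {"a4:2b:b0:11:22:33"}}

def normalize(ssid):
    """Fold case, Unicode compatibility forms and separators so trivial variants compare equal."""
    folded = unicodedata.normalize("NFKC", ssid).casefold()
    return "".join(ch for ch in folded if ch.isalnum())

def edit_distance(a, b):
    """Levenshtein distance using two rows of the dynamic-programming table."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def classify(ssid, bssid, trusted=TRUSTED, max_distance=2):
    """Return (verdict, trusted_name) for one scan result."""
    if ssid in trusted:
        if bssid.lower() in trusted[ssid]:
            return ("trusted", ssid)
        return ("unknown-ap", ssid)  # right name, but an access point never seen before
    n = normalize(ssid)
    for name in trusted:
        t = normalize(name)
        if n == t or edit_distance(n, t) <= max_distance:
            return ("lookalike", name)  # e.g. FreeCoffee1 or "Free Coffee"
    return ("unrelated", None)

def suspicious(scan):
    """Filter a scan (list of (ssid, bssid) pairs) down to results worth warning about."""
    flagged = []
    for ssid, bssid in scan:
        verdict, name = classify(ssid, bssid)
        if verdict in ("lookalike", "unknown-ap"):
            flagged.append((ssid, bssid, verdict, name))
    return flagged

# Constructed scan results for illustration.
SAMPLE_SCAN = [("FreeCoffee", "A4:2B:B0:11:22:33"), ("FreeCoffee1", "02:00:00:aa:bb:cc"),
               ("Free Coffee", "02:00:00:aa:bb:dd"), ("FreeCoffee", "02:00:00:de:ad:01"),
               ("AirportGuest", "10:20:30:40:50:60")]

if __name__ == "__main__":
    for row in suspicious(SAMPLE_SCAN):
        print(row)
```

A matching name and BSSID is a weak signal only, since both values are broadcast in the clear; the check is a prompt for caution and does not replace an encrypted connection to the bank.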

According to the Financial Consumer Agency of Canada, “When using public Wi-Fi hotspots, you could also expose yourself to packet sniffers. Thieves using packet sniffers want your banking details and your personal information, such as your name, address or phone number. These personal details may be harmless on their own, but once they are combined, you can be at a higher risk for fraud.”

Mobile Device ID Vulnerabilities

Many financial institutions work to gather the device fingerprint for each mobile unit the customer uses. This involves collecting information about the device, which is then stored in a system to distinguish the true customer from a potential fraudster. However, fraudsters are a dynamic bunch of bad actors and have developed ways of fooling device fingerprinting methods.

Remote Deposit Capture Fraud

Check fraud is not a new issue. In fact, it remains one of the biggest types of fraud within a financial institution.

Remote deposit capture allows users to snap a picture of a check on their mobile device and deposit it. While financial institutions have put rigid customer agreements and monitoring of this technology in place, fraudsters have found flaws in the system. For example, they have found ways to access the remote-deposit database, copied the images of thousands of checks and provided those reproduced checks to money mules to be moved out of the financial system.

Analyst Thoughts

An IBM study found 58 percent of security experts at financial institutions ranked mobile concerns as a risk indicator inhibiting their organization’s full deployment of a mobile security strategy. However, there are steps financial institutions and other consumer organizations can take to reduce their mobile fraud risks.

Organizations must better align their new-to-market technology teams with their security teams. Competition to introduce the latest and greatest thing to market will always be high, and organizations tend to fear that security teams will greatly slow down their go-to-market plans. By connecting these key players early in the development process, many risks can be identified while the product is being created.

Organizations must adopt mobile malware detection and technology solutions. Having the right tools in place to stop threats is key to safeguarding consumers and financial institutions alike. Take First Data Corporation as an example: It is one of the largest payment processing organizations in the world, working with about 6 million businesses and 4,000 financial institutions worldwide. It takes its security practices very seriously and works to identify best-in-industry business processes and solutions. It believes in taking a holistic approach to security, compliance and risk management.

To do this, it tracks mobile device usage and uses analysis to determine whether to allow access to the consumer’s banking information. First Data Corporation proactively manages threats to ensure safety, but with no interruption to the consumer’s process.

Advancements in mobile technology allow people to do a number of things. They can obtain information and resources from their organization from any location to enhance business productivity. They can pay bills, purchase clothing, talk to family and friends, check social media and much more.

New technology has the ability to increase productivity and profits. With these benefits come risks — and it is important to get in front of them before they strike!
