The use of mobile devices is at an all-time high. According to a KPCB report, mobile digital media is now outpacing desktop usage. The report stated that adults with access to digital media use mobile 51 percent of the time compared to 42 percent for desktop usage and 7 percent for all other devices.

These statistics are far from shocking. Walk into a bustling restaurant during lunch hour and you will see mobile devices in the hands of businesspeople, students, children, parents and even retirees. The message is loud and clear: You must be able to reach your consumers via mobile devices.

Financial institutions seeking to remain competitive and keep customer satisfaction high must offer mobile access to their customer base. According to Community Banking Connections, “Many community banks recognize the value of mobile banking — it provides them with avenues and opportunities to reach geographically remote or rural markets, to focus on new markets, to innovate, to overcome infrastructure limitations and improve efficiency, to access payment systems or even simply to retain market share.”


The Major Mobile Banking Risks

With all this opportunity comes risk. Financial institutions must assume the risk associated with mobile banking. These risks come in many forms, including malware, corrupt apps, flawed authentication, lost or stolen devices and more.

Mobile Malware

Mobile devices have evolved from telephones to pocket-sized computers. Mobile users must recognize this and protect them in the same way they would their PC. Malware specifically targeting mobile devices has become a very real and prominent threat. Mobile malware can consist of viruses, Trojans, spyware, malvertising and rootkits.


Poor App Design, Configuration or Corrupt Apps

Using mobile apps for banking tends to be safer than logging in via your mobile browser. However, every mobile platform has unique characteristics that these apps must prepare for. Developers may not fully understand the risks associated with mobile banking and accidentally leave vulnerabilities open for fraudsters to exploit as a result.

Third-party apps open users up to a multitude of risks since these programs may leverage credentials from other applications — even if these apps have weaker security in place. For example, a shopping app could leverage your banking login information (username and password) to access your bank’s services to facilitate a transaction.

Unsecure Wi-Fi Networks

Free Wi-Fi is a coveted luxury for mobile device users. It can be found in restaurants, coffee shops, airports and many other public places. But when accessing free Wi-Fi, it is important to understand that the activity you are conducting may be visible to someone else.

Hotspots may be spoofed by fraudsters. For example, your local coffee shop’s network may be called FreeCoffee. A fraudster may set up Wi-Fi at or near that location called FreeCoffee1 to trick you into using that network.
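The look-alike hotspot described above can be caught on the defender's side by comparing scan results against an inventory of known networks. The following is an added example, not part of the original article; the inventory, the MAC addresses, the scan results and the function names are constructed for illustration.

```python
# Added example: flag Wi-Fi networks whose names imitate a trusted SSID.
# TRUSTED and SCAN are constructed sample data, not real networks.

def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance, computed one row at a time."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1,                # deletion
                           cur[j - 1] + 1,             # insertion
                           prev[j - 1] + (ca != cb)))  # substitution
        prev = cur
    return prev[-1]

def normalize(ssid: str) -> str:
    """Fold case and drop separators so 'Free-Coffee' compares equal to 'freecoffee'."""
    return "".join(ch for ch in ssid.casefold() if ch.isalnum())

def classify(ssid, bssid, trusted, max_distance=2):
    """Return 'trusted', 'evil-twin', 'look-alike' or 'unknown' for one scan result."""
    if ssid in trusted:
        # Exact name match: accept only access points listed in the inventory.
        return "trusted" if bssid.lower() in trusted[ssid] else "evil-twin"
    for name in trusted:
        if edit_distance(normalize(ssid), normalize(name)) <= max_distance:
            return "look-alike"
    return "unknown"

# Constructed inventory: SSID -> known access-point MAC addresses (BSSIDs).
TRUSTED = {"FreeCoffee": {"02:00:00:aa:bb:01"}}

# Constructed scan results as (SSID, BSSID) pairs.
SCAN = [
    ("FreeCoffee", "02:00:00:aa:bb:01"),    # the shop's real access point
    ("FreeCoffee1", "02:00:00:cc:dd:02"),   # the article's spoofed name
    ("FreeCoffee", "02:00:00:ee:ff:03"),    # same name, unlisted access point
    ("Free-Coffee", "02:00:00:cc:dd:05"),   # separator trick
    ("AirportGuest", "02:00:00:11:22:04"),  # unrelated network
]

def scan_report(scan=SCAN, trusted=TRUSTED):
    """Classify every scan result against the inventory."""
    return [(ssid, bssid, classify(ssid, bssid, trusted)) for ssid, bssid in scan]

if __name__ == "__main__":
    for row in scan_report():
        print(*row)
```

A BSSID can be cloned as easily as a name, so a "trusted" verdict narrows the risk rather than proving the access point is genuine.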

According to the Financial Consumer Agency of Canada, “When using public Wi-Fi hotspots, you could also expose yourself to packet sniffers. Thieves using packet sniffers want your banking details and your personal information, such as your name, address or phone number. These personal details may be harmless on their own, but once they are combined, you can be at a higher risk for fraud.”

Mobile Device ID Vulnerabilities

Many financial institutions work to gather the device fingerprint for each mobile unit the customer uses. This involves collecting information about the device, which is then stored in a system to identify the true customer from a potential fraudster. However, fraudsters are a dynamic bunch of bad actors and have developed ways of fooling device fingerprinting methods.

Remote Deposit Capture Fraud

Check fraud is not a new issue. In fact, it remains one of the biggest types of fraud within a financial institution.

Remote deposit capture allows users to snap a picture of a check on their mobile device and deposit it. While financial institutions have put rigid customer agreements and monitoring of this technology in place, fraudsters have found flaws in the system. For example, they have found ways to access the remote-deposit database, copy the images of thousands of checks and provide those reproduced checks to money mules to be moved out of the financial system.

Analyst Thoughts

An IBM study found 58 percent of security experts at financial institutions ranked mobile concerns as a risk indicator inhibiting their organization’s full deployment of a mobile security strategy. However, there are steps financial institutions and other consumer organizations can take to reduce their mobile fraud risks.

Organizations must better align their new-to-market technology teams with their security teams. Competition to introduce the latest and greatest thing to market will always be high, and organizations tend to fear that security teams will greatly slow down their go-to-market plans. By connecting these key players early in the development process, many risks can be identified while the product is being created.

Organizations must adopt mobile malware detection and technology solutions. Having the right tools in place to stop threats is key to safeguarding consumers and financial institutions alike. Take First Data Corporation as an example: It is one of the largest payment processing organizations in the world, working with about 6 million businesses and 4,000 financial institutions worldwide. It takes its security practices very seriously and works to identify best-in-industry business processes and solutions. It believes in taking a holistic approach to security, compliance and risk management.

To do this, it tracks mobile device usage and uses analysis to determine whether to allow access to the consumer’s banking information. First Data Corporation proactively manages threats to ensure safety, but with no interruption to the consumer’s process.

Advancements in mobile technology allow people to do a number of things. They can access information and resources from their organization from any location to enhance business productivity. They can pay bills, purchase clothing, talk to family and friends, check social media and much more.

New technology has the ability to increase productivity and profits. With these benefits come risks — and it is important to get in front of them before they strike!
