Online and mobile banking provide great convenience for consumers, who no longer have to visit bank branches to deposit money, take out money or perform other transactions. Online banking also provides an easier and faster method for paying bills, with traditional checks virtually obsolete now in many countries.

However, online and mobile banking can also provide rich pickings for criminals who are abandoning traditional crimes such as burglary in favor of identity theft and online fraud. Online fraud can be easier to perpetrate than traditional crimes, and there is less of a risk that the criminal will be caught.

Criminals have a number of tools at their disposal to con online banking users. These include man-in-the-browser (MitB) and man-in-the-middle (MitM) attacks, in which criminals intercept data as it flows between a user and an online banking application and which can be used to take over accounts. According to the Aite Group, such attacks will be responsible for losses of $794 million to financial institutions globally by 2016, an increase of 75 percent over 2012.

In many cases, consumers are covered for the majority of their financial losses if they are defrauded, but only if they notify the institution concerned within a specific time period and the fraud can be traced. However, criminals can extract all sorts of data from online transactions, some of which could be used to perpetrate identity theft, with which losses can be considerably higher — both financially and in terms of the distress caused.

The dangers are real, and all online and mobile banking services should take steps to boost security and guard themselves.

Commonsense Steps to Take

As with almost any application, a password is generally required to access online and mobile banking applications. Consumers should not only choose a sufficiently complex password, but they should also ensure they follow safe password practices, such as not writing it down, not using the same password for other applications and changing the password regularly. Consumers should also ensure they log out of any banking site once transactions have been completed, or should at least close down the browser, in order to prevent unauthorized access. Some banks issue customers hardware tokens that generate a one-time password for each banking session, which is a more secure form of authentication than a password alone.

Banking customers should also make sure the device they are using is adequately secure, using and regularly updating anti-malware controls and installing patches and operating system upgrades when they are made available. They should avoid using public computers or insecure Wi-Fi connections when making banking transactions, as well.

It is also recommended that banking customers regularly monitor their accounts to check for suspicious activity. This way, they can notify the bank of anything they find in a timely manner and avoid being held liable for the activity. Some banks offer customers alert facilities so they can stay abreast of transactions and be alerted when, for example, a bill payment is due.

Consumers should also be wary of unsolicited messages supposedly from their financial institution — especially those asking them to provide personal or account-related information such as their PIN. They should also never click on links in such messages, since those links could take them to websites that have been hijacked or spoofed. It is far better to manually type the URL into a browser, even when a realistic-looking logo is included in the message.

Use Specialized Software

Perhaps the best step consumers can take beyond the commonsense measures listed above is to download and use specialized software that is often provided for free by financial institutions and is designed to protect both the financial institutions themselves and their customers against cyberattacks.

One such program is IBM’s Trusteer Rapport, which provides an additional layer of protection against phishing attacks and redirections to fake websites. Designed to work alongside anti-malware controls and firewalls, Rapport protects information that is entered by users, such as account numbers and PINs, from being stolen by malicious software such as Trojans. It can also protect consumers against other exploits, such as phishing, through the use of specialized algorithms, and against MitM attacks by preventing malware from being installed on a device. Once downloaded, Rapport provides an additional layer of protection and checks devices for the presence of existing malware before attempting to remove it. Many financial institutions worldwide encourage customers to download and use software like Rapport.

Many of the precautions that consumers should take when using online and mobile banking services apply to other services they use and are really commonsense precautions. However, given the nature of banking, it makes a great deal of sense to download and use specialized software provided by a financial institution in order to add an extra layer of security that will prevent consumers from becoming victims of crime.
