Online and mobile banking provide great convenience for consumers, who no longer have to visit bank branches to deposit money, take out money or perform other transactions. Online banking also provides an easier and faster method for paying bills, with traditional checks virtually obsolete now in many countries.

However, online and mobile banking can also provide rich pickings for criminals who are abandoning traditional crimes such as burglary in favor of identity theft and online fraud. Online fraud can be easier to perpetrate than traditional crimes, and there is less of a risk that the criminal will be caught.

Criminals have a number of tools at their disposal to con online banking users. These include man-in-the-browser (MitB) and man-in-the-middle (MitM) attacks, in which criminals intercept data as it flows between a user and an online banking application. The intercepted data can then be used to take over accounts. According to the Aite Group, such attacks will be responsible for losses of $794 million to financial institutions globally by 2016, an increase of 75 percent over 2012.

In many cases, consumers are covered for the majority of their financial losses if they are defrauded, but only if they notify the institution concerned within a specific time period and the fraud can be traced. However, criminals can extract all sorts of data from online transactions, some of which could be used to perpetrate identity theft, with which losses can be considerably higher — both financially and in terms of the distress caused.

The dangers are real, and all online and mobile banking services should take steps to boost security and guard themselves.

Commonsense Steps to Take

As with almost any application, a password is generally required to access online and mobile banking applications. Consumers should not only choose a sufficiently complex password, but they should also follow safe password practices, such as not writing it down, not using the same password for other applications and changing the password regularly. Consumers should also log out of any banking site once transactions have been completed, or should at least close down the browser, in order to prevent unauthorized access. Some banks issue customers hardware tokens that generate a one-time password for each banking session, which is a more secure form of authentication than just a password.

Banking customers should also make sure the device they are using is adequately secure, using and regularly updating anti-malware controls and installing patches and operating system upgrades when they are made available. They should avoid using public computers or insecure Wi-Fi connections when making banking transactions, as well.

It is also recommended that banking customers regularly monitor their accounts to check for suspicious activity. This way, they can notify the bank of anything found in a timely manner and avoid being held liable for the activity. Some banks offer customers alert facilities so they can stay abreast of transactions and be alerted when, for example, a bill payment is due.

Consumers should also be wary of unsolicited messages supposedly from their financial institution — especially those asking them to provide personal or account-related information such as their PIN. They should also never click on links in such messages, since those links could take them to websites that have been hijacked or spoofed. It is far better to manually type the URL into a browser, even when a realistic-looking logo is included in the message.

Use Specialized Software

Perhaps the best step consumers can take beyond the commonsense measures listed above is to download and use specialized software that is often provided for free by financial institutions and is designed to protect both the financial institutions themselves and their customers against cyberattacks.

One such program is IBM’s Trusteer Rapport, which provides an additional layer of protection against phishing attacks and redirections to fake websites. Designed to work alongside anti-malware controls and firewalls, Rapport protects information that is inputted by users, such as account numbers and PINs, from being stolen by malicious software such as Trojans. It can also protect consumers against other exploits: against phishing through the use of specialized algorithms, and against MitM attacks by preventing malware from being installed on a device. When it is downloaded, Rapport checks the device for the presence of existing malware and attempts to remove it. Many financial institutions worldwide encourage customers to download and use software like Rapport.

Many of the precautions that consumers should take when using online and mobile banking services apply to other services they use and are really commonsense precautions. However, given the nature of banking, it makes a great deal of sense to download and use specialized software provided by a financial institution in order to add an extra layer of security that will prevent consumers from becoming a victim of crime.
