Online Banking Best Practices for Consumers

October 3, 2014

Online and mobile banking provide great convenience for consumers, who no longer have to visit bank branches to deposit money, take out money or perform other transactions. Online banking also provides an easier and faster method for paying bills, with traditional checks virtually obsolete now in many countries.

However, online and mobile banking can also provide rich pickings for criminals who are abandoning traditional crimes such as burglary in favor of identity theft and online fraud. Online fraud can be easier to perpetrate than traditional crimes, and there is less risk that the criminal will be caught.

Criminals have a number of tools at their disposal to con online banking users. These include man-in-the-browser (MitB) and man-in-the-middle (MitM) attacks, in which criminals intercept data as it flows between a user and an online banking application, and which can be used to take over accounts. According to the Aite Group, such attacks will be responsible for losses of $794 million to financial institutions globally by 2016, an increase of 75 percent over 2012.

In many cases, consumers are covered for the majority of their financial losses if they are defrauded, but only if they notify the institution concerned within a specific time period and the fraud can be traced. However, criminals can extract all sorts of data from online transactions, some of which could be used to perpetrate identity theft, with which losses can be considerably higher — both financially and in terms of the distress caused.

The dangers are real, and all online and mobile banking services should take steps to boost security and guard themselves.

Commonsense Steps to Take

As with almost any application, a password is generally required to access online and mobile banking applications. Consumers should not only choose a sufficiently complex password, but they should also ensure they follow safe password practices, such as not writing it down, not using the same password for other applications and changing the password regularly. Consumers should also ensure they log out of any banking site once transactions have been completed, or should at least close down the browser, in order to prevent unauthorized access. Some banks give customers hardware tokens that generate a one-time password for each banking session, which is a more secure form of authentication than a password alone.

Banking customers should also make sure the device they are using is adequately secure, using and regularly updating anti-malware controls and installing patches and operating system upgrades when they are made available. They should also avoid using public computers or insecure Wi-Fi connections when making banking transactions.

It is also recommended that banking customers regularly monitor their accounts to check for suspicious activity. This way, they can notify the bank of anything they find in a timely manner and avoid being held liable for the activity. Some banks offer customers alert facilities so they can stay abreast of transactions and be alerted when, for example, a bill payment is due.

Consumers should also be wary of unsolicited messages supposedly from their financial institution — especially those asking them to provide personal or account-related information such as their PIN. They should also never click on links in such messages, since the links could take them to websites that have been hijacked or spoofed. It is far better to manually type the URL into a browser, even when a realistic-looking logo is included in the message.

Use Specialized Software

Perhaps the best step consumers can take beyond the commonsense measures listed above is to download and use specialized software that is often provided for free by financial institutions and is designed to protect both the financial institutions themselves and their customers against cyberattacks.

One such product is IBM’s Trusteer Rapport, which provides an additional layer of protection against phishing attacks and redirections to fake websites. Designed to work alongside anti-malware controls and firewalls, Rapport protects information entered by users, such as account numbers and PINs, from being stolen by malicious software such as Trojans. It can also protect consumers against other exploits: against phishing through the use of specialized algorithms, and against MitM attacks by preventing malware from being installed on a device. When it is downloaded, Rapport checks the device for the presence of existing malware and then attempts to remove it. Many financial institutions worldwide encourage customers to download and use software like Rapport.

Many of the precautions that consumers should take when using online and mobile banking services apply to other services they use and are really commonsense precautions. However, given the nature of banking, it makes a great deal of sense to download and use specialized software provided by a financial institution in order to add an extra layer of security that will prevent consumers from becoming victims of crime.

Fran Howarth
Senior Analyst, Bloor Research

Fran Howarth is an industry analyst and writer specialising in security. She has worked within the security technology sector for more than 25 years in an ad...