Authored by Ayelet Avni.
End users will always make mistakes; this the nature of being human. So let’s admit it: We are the weakest link when it comes to security. We do not always pay attention to the details — we just want to get it done and move on to the next thing.
To Err Is Human
These days, especially in the realm of mobile, we do things on the go. Sometimes we even do the important things, like listening to our children or talking to our spouse, while simultaneously doing something else. And increasingly, that something else is using mobile devices.
By doing multiple tasks at once and paying even less attention than normal, it becomes even easier to make a mistake. That could be clicking a link in an email without verifying the exact address or mindlessly entering your banking credentials on a mobile app that might not be authentic.
This lack of concentration creates a valuable — and dangerous — opportunity for fraudsters.
It is well-known that today’s cybercriminals leverage advanced technologies and have access to collaborative communities. Combine this with a victim’s unintentional mindlessness and the fraudsters basically have an open door to your data and money.
Mobile Fraud Is Escalating
Fraud attacks are creative and well-planned, and fraudsters learn quickly how to turn their targets into victims. For example, if a phishing campaign looks too obvious, then it may only fool audiences that aren’t security-literate. More informed targets require a more sophisticated campaign.
In the mobile arena, fraud attacks must be equally well-designed and provide an excellent user experience since customers are sensitive to design issues. In these cases, even a security-oriented audience may be tricked and believe that the bank is the one that asking them to reauthenticate as part of the app journey.
Fighting human nature and rejecting technology are both fruitless pursuits. Instead, the solution is to make sure banks and financial institutions implement the proper protections for online and mobile banking customers. If the user is the weakest link, it follows naturally that endpoint protection should be strong — stopping fraud at the very first stage.
Having protection on the mobile device for online banking is not a question of advantage or a great differentiator; it is essential. The trends that we see emerging and the speed at which mobile banking fraud is evolving should be a signal to us all.