This article in Forbes describes security issues associated with worldwide advances in mobile payments. One observation made is that mobile phone owners are the most common cause of a security breach. This in turn suggests every country should implement consumer protection laws that mandate mobile wallets implement stronger security measures.
The article also recognizes the benefits of keeping biometrics out of centralized databases but fails to specifically mention the FIDO standard:
“If a thief comes across an unlocked mobile, they can usually buy a certain amount of credit without needing to authenticate and then make purchases themselves. In the United States and Canada, this purchase limit can reach up to $100 while in Europe it is typically $55 (€50).
Many firms have avoided introducing verification for every transaction over fears that it can make mobile banking too cumbersome and risk losing clients to competitors. This paradox is known as ‘safe convenience.’
“We are witnessing a trend where security is an integral part of the innovation process,” explains Igor Pyatnitsky, the Vice President at Nullgravity, a Ukrainian full-cycle product development company. “Banking product development is not about balancing security and convenience, but making convenience safe and vice versa.”
Secondly, while it is rare, cyber-thieves can ‘spoof’ your mobile banking wallet if you add debit or credit cards while using an unsecured public or open Wi-Fi network. Rob Clyde, of the cybersecurity advisory firm Clyde Consulting, found that hackers were able to re-create a fake mobile wallet registration system for which a customer could enter in their card details.
Cybersecurity experts have advised customers to carefully study the logo and spelling of any mobile wallet company before making a transfer to look for fakes.Thirdly, once solely the preserve of the home PC or portable laptop, mobile phones are now becoming increasingly vulnerable to malware themselves.Cyber security firmSymantec SYMC +0% produces an annual report into mobile malware. Its 2018 findings discovered that the number of mobile malware attacks had increased by 54% from 2016 to 2017.
“While the attacks continue to evolve and mature, the same can’t always be said of the device user,” it read,“many users continue to make life easy for attackers by continuing to use older operating systems. In particular, on Android, only 20 percent of devices are running the newest major version.”
The Kaspersky Lab echoed Symantec SYMC +0%’s findings, concluding that mobile banking trojans – which mimic the existing platforms run by banks and are available for download – are some of the ‘most rapidly developing, flexible and dangerous types of malware.’
Once a customer has downloaded what they wrongly believe to be their banks interface and entered in their financial details, a fraudster can use their information to steal their money. Asacub, which is arguably the world’s most successful mobile banking trojan, has infected over 225,000 mobile phones to date.”
Overview by Tim Sloane, VP, Payments Innovation at Mercator Advisory Group