PaymentsJournal

Mobile Banking: Big Business, Big Target

By JT Keating
December 10, 2018
in Banking, Debit, Emerging Payments, Fraud & Security, Industry Opinions, Security

Mobile devices now constitute the majority of web traffic globally, and consumers are embracing mobile banking in record numbers. Meeting customer demand for mobile banking presents opportunities for banks to differentiate themselves – but providing mobile banking applications also entails significant risk.

SC Magazine reported that an analysis of mobile applications from 50 of the world’s top 100 banks found all to be vulnerable to several security threats. In fact, the apps had an average of seven security flaws, and put half a billion mobile banking customers at risk.

Mobile strategies that mitigate security risks and provide safer transactions will gain a significant advantage in the highly competitive and fast-growing marketplace for mobile banking.

Mobile Banking Is a Big Business…

The mobile tipping point—the point at which more people used mobile devices to access the web than desktop devices—came in the first quarter of 2017, when 50.03 percent of global web traffic was from mobile devices.

Banking has been squarely in the center of the mobile evolution. Business Insider described the situation succinctly, noting that mobile banking is “all but required — millennials, for example, will leave financial institutions that don’t offer the service.”

Think of this as the tip of the iceberg. Projections vary, but the number of mobile banking users globally is predicted to double to 1.8 billion by 2019, with Juniper Research anticipating that over 2 billion mobile users—one in three adults globally—will have used their devices for banking purposes by the end of 2021.

…And a Big Target

Unfortunately, the market’s enthusiastic embrace of mobile banking has made apps and users attractive targets for cybercriminals. Already, 60 percent of mobile malware specifically targets financial information. The sheer volume of mobile transactions has already passed critical mass and has made attacks on mobile banking applications a priority for attackers. Even in this relatively early stage of mobile adoption, smartphone users log into their mobile banking apps an average of 18 times per month.

As app capabilities expand, mobile banking activity will continue to increase, and the corresponding surface area that cybercriminals can attack will grow along with it. But the reality is that mobile banking applications already have significant vulnerabilities today.

The Security Challenges of Mobile Banking Development

Accenture reports that one in four mobile banking applications today includes at least one high-risk security flaw.

It also found that 35 percent of communications sent by mobile devices are unencrypted and 43 percent of mobile device users do not use a passcode, PIN or pattern lock.

Additionally, in a recent survey by Credit Union Times, 61 percent of respondents saw improving the security of apps and websites as one of their main priorities. How can it be that even security-savvy banks struggle to deliver mobile application security? The simple fact is that customer demand for mobile banking is far outpacing the industry’s ability to deliver ironclad security in the quickly evolving mobile device ecosystem.

Mobile application developers face significant pressure from two different market forces. First, customer demand and competitive pressure are both stronger than ever before. Customers continue to show a huge appetite for expanding their use of mobile banking. To keep up with customers, developers often focus on features rather than security. As deadlines loom, development shortcuts become more appealing, and developers will at times use unvetted, open source code for mobile functions.

Second, while surveys consistently show that mobile banking customers value security in principle, most do not prioritize security in practice. As noted earlier, many mobile device users do not follow essential security practices such as the use of PIN codes or updating to the latest operating system. This exacerbates any vulnerabilities that developers inadvertently allow into their banking applications.

Attack Goals

All of the challenges that mobile banking application developers face can create vulnerabilities for cybercriminals to exploit. Although this is by no means a comprehensive list, consider the following targets for cybercriminals:

  • Credentials / Access. Attackers may seek users’ mobile banking credentials to access accounts and commit theft.
  • Personal data. Cybercriminals focus on potentially high-value customer data such as social security numbers, dates of birth and other sensitive information.
  • Cardholder data. Mobile banking attacks can seek to gather card-specific data such as card numbers, expiration date information and CVV data.

In addition to data, the common goal across attacks is ultimately to compromise and gain control of the mobile device itself. Cybercriminals aim to compromise devices—via malware, network-based attacks, phishing, etc.—so that they have long-term access and ongoing opportunities to do more damage.

Moving Forward: How We Can Properly Defend Mobile Apps and Sessions

Banks must overcome the barriers to mobile banking security by securing mobile banking applications themselves. They must also account for the reality of consumer devices and networks that are far from clean.

Banks should implement basic security measures such as app shielding, obfuscation and encryption. Mobile banking apps also need to be defended against the unclean and dangerous consumer devices upon which they are installed. Mobile apps need self-defense capabilities, such as the ability to detect if a user’s device is compromised, if any network attacks are occurring and even if malicious apps like BankBot are installed. Once the app determines that a device is under attack, it should initiate predetermined risk mitigation actions. Here are a few examples:

  • If a man-in-the-middle (MITM) attack is occurring, the app should automatically establish a VPN to create a secure tunnel.
  • If a device has phishing malware like BankBot installed, the app should trigger immediate steps to freeze access until the user resets their password online.
  • If a device has been “jailbroken” by the user, the app should allow the session to continue, but raise the user’s fraud score to account for the additional risk.
  • If a device has been compromised by an external actor, the app should display a dialog box asking the user to complete their transaction offline.

With self-defense security embedded in mobile apps, banks can focus development efforts on innovations that will delight customers and increase customer loyalty.
