Much has been written about the impact of smartphones on mobile banking and mobile commerce. The Federal Reserve, for example, predicts that 43 percent of bank customers will use their smartphones for banking by the end of the year. Without question, a top trend in 2013 is the continuing expansion of mobile banking; along with this expansion, however, is the escalating and ever-changing battle to maintain account security — the primary concern among consumers. According to a report by Metaforic, a security software company, 68 percent of smartphone owners are holding back use of mobile banking because of security fears.
Consumer and business customers will continue to ask for — and expect — expanded mobile banking services, such as remote deposit capture, bill pay, ACH payments, person-to-person payments and financial management tools. Yet, each new service means accounts are more exposed to fraudsters launching increasingly sophisticated attacks. And the impact of a fraud attack on a financial institution is significantly more than the nominal fraud loss itself, according to Tiffany Riley, vice president of marketing, Guardian Analytics. Fraud attacks result in lost productivity due to investigation, legal costs and cost of remuneration, as well as lost customer trust, lost business and tarnished reputation.
“Mobile banking is significantly more susceptible to fraud because of how account holders treat their smartphones — like phones, not like the computers that they are,” said Riley. “Smartphones hold a lot of personal information — friends, phone numbers, passwords, online banking links, personal information used in challenge questions — making the phones very attractive to fraudsters. Account holders have been reasonably well trained in how to use their computers safely, but they’re not translating that behavior over to their smartphones. They click on links in text messages from unknown parties, download apps from unsecure app stores, click on QR codes that fraudsters place over the original, and give their phones to children who will download and click on anything. And few people password-protect their phones, leaving all information readily available to the finder should the owner misplace their phone.”
The lack of security-conscious consumers has placed an even greater burden on financial institutions; however, Riley suggests four steps that can help ensure the continued security of customer accounts:
1. Monitor account holder activity from login to logout; not just the device, or login credentials, or just the transaction, but everything each account holder is doing throughout every online and mobile banking session.
2. Assume the device has been compromised. While anti-malware and anti-virus software are still valuable components of a layered security strategy, FIs have a better chance of detecting fraud if they build out their layers with the assumption that that first line of defense has been breached.
3. Be proactive; do not wait for the transaction. The best time to prevent fraud is in the early stages of account compromise, reconnaissance and fraud setup.
4. Use your best strategic advantage over the fraudster: knowledge of each client’s unique behavior. Behavior-based anomaly detection solutions, such as Guardian Analytics’ FraudMAP, uniquely monitor all online and mobile banking activity, from login to logout, to determine if the activity during any banking session matches prior activity by the legitimate account holder or is suspicious enough to warrant a higher level of scrutiny and authorization.
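The four steps above can be illustrated with a short sketch, added here as an example; it is not from the article and is not how FraudMAP or any Guardian Analytics product works. It assumes a constructed per-account history of sessions with hypothetical action names, scores each new session action by how rarely that account holder has performed it, and raises an alert as soon as the running score crosses an assumed threshold, which in the sample session happens during fraud setup, before the payment is submitted.

```python
import math
from collections import Counter

# Constructed sample data: prior sessions for one account holder, each recorded
# from login to logout. Account id and action names are hypothetical.
HISTORY = {
    "acct-001": [
        ["login", "view_balance", "logout"],
        ["login", "view_balance", "bill_pay", "logout"],
        ["login", "view_balance", "view_statement", "logout"],
        ["login", "view_balance", "bill_pay", "logout"],
    ],
}
NORMAL = ["login", "view_balance", "bill_pay", "logout"]
SUSPICIOUS = ["login", "change_email", "add_payee", "ach_payment", "logout"]
THRESHOLD = 4.0  # assumed alerting threshold, in bits of surprisal


def build_profile(sessions):
    """Count in how many prior sessions each action appeared."""
    seen = Counter()
    for session in sessions:
        seen.update(set(session))
    return seen, len(sessions)


def first_alert(profile, session, threshold=THRESHOLD):
    """Walk a session in order and return the action at which the cumulative
    surprisal first reaches the threshold, or None if it never does."""
    seen, n = profile
    total, counted = 0.0, set()
    for action in session:
        if action in counted:        # score each distinct action once
            continue
        counted.add(action)
        # Laplace-smoothed share of prior sessions containing this action,
        # so an action never seen before is rare rather than impossible.
        p = (seen[action] + 1) / (n + 2)
        total += -math.log2(p)
        if total >= threshold:
            return action
    return None


if __name__ == "__main__":
    profile = build_profile(HISTORY["acct-001"])
    print("normal session alert:", first_alert(profile, NORMAL))
    print("suspicious session alert:", first_alert(profile, SUSPICIOUS))
```

Because the score accumulates across the whole session rather than being tied to the device, the credentials or the final transaction, the alert does not depend on the endpoint being clean.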
Edmund Burke, 18th century political theorist and philosopher, once said, “You can never plan the future by the past.” That has never been truer than it is today. Banking professionals must plan for the future by adapting to new opportunities in mobile banking while constantly preparing for new security challenges.
Michael Scheibach is executive editor of BankNews.
Copyright (c) February 2013 by BankNews Media