By : Dena Hamilton
June 19, 2017 06:00 PM
The range of devices consumers can use to access bank accounts and complete financial transactions is expanding all the time, delivering unprecedented choice and convenience. For providers, one of the big considerations that should accompany this expansion in technology is to have a corresponding response to the increased security threats.
Taking the mobile channel as a prime example, financial institutions need to be aware of the new and evolving risks that can arise as consumers become increasingly dependent on mobile devices to view their finances, manage their money and transact.
One of the big dangers is malware, an area where low consumer awareness or lack of action by businesses could create opportunities for fraudsters.
There is no denying the escalating threat posed by malware that targets mobile devices. According to the April 2017 Threats Report from McAfee and Intel Security, there were nearly 15 million different types of mobile malware in existence at the end of 2016, up from nearly eight million a year earlier.
Approximately two million new variants of malicious software targeting mobile devices emerged in the second and third quarters of last year, followed by at least 1.5 million more in the fourth quarter.
One of the most striking recent examples of this threat in action was ‘Judy’, a malware campaign targeting the Google Play Android app store that was discovered by researchers at Check Point. The researchers found that the adware – which created revenue for the perpetrators by generating large amounts of fraudulent clicks on advertisements – could have spread to up to 36.5 million users.
As far as the financial services industry is concerned, businesses in western markets have been urged to prepare for the possibility of mobile malware becoming a more prevalent threat. This has already happened in markets like China and India, where mobile malware has “created chaos”, according to Javelin Strategy & Research.
In its 2017 Mobile Banking Malware Report, Javelin noted that it is becoming increasingly common for smartphones to be the “nexus for consumers’ financial lives”. As a result, the value of penetrating these devices to fraudsters has increased substantially.
According to Javelin’s figures, mobile malware represents a threat to 7.7 million people in the US alone, putting approximately $221.5 billion in consumer assets at risk. The firm pointed out that one of the biggest dangers is the ability of some forms of malware to undermine common forms of user authentication, such as passwords, security questions and temporary passcodes delivered by SMS. Emerging capabilities also raise the possibility of malicious software overcoming more advanced authentication methods such as facial biometrics.
Al Pascual, senior vice-president, research director and head of fraud and security at Javelin, said: “The growing prevalence of mobile banking, mobile commerce and financial activities such as person-to-person payments offers fraudsters rich opportunities for phishing login and payment credentials. As financial institutions reduce reliance on passwords, the smartphone is fast becoming the new authentication nexus. In response, malware is evolving to target and overcome mobile channel authentication.”
There are a number of measures businesses can introduce to strengthen their defenses against mobile malware, one of which is boosting consumer awareness. Consumers should be advised to download only from official app stores and to install regular operating system updates. Additionally, consumers should also be informed of the dangers of ‘jailbreaking’ their phones – using programs to circumvent built-in security and manufacturer restrictions to bypass essential controls that are part of their device, in order to gain access to the device easier.
Financial institutions must also ensure they are investing in the most effective app security, authentication methods and malware detection to protect their customers against this increasingly concerning threat.