Mobile Banking Still Harbors Some Dangers, But Is It Safe Overall?July 16, 2015 | Brian O'Connell
Mobile banking users may not know this, but 40% of mobile banking application developers “aren’t taking the right precautions” to protect end users from fraud and data breaches, according to a recent study by IBM.
That’s not all. The same study states that only 6% of total mobile app development is spent on security.
“That’s why one of my biggest concerns for mobile banking is the lack of security on the back end of a mobile banking app,” says Andrew von Ramin Mapp, CEO of Data Analyzers, a data recovery and computer forensics firm. “As more mobile banking apps come out, you may want to resist the urge to download one on your phone. The less apps on your mobile phone, the less chance of a ‘man in the middle’ hacker accessing communications and information, especially sensitive banking information.”
Some banking experts say the most realistic solutions for banks and mobile users are not to eliminate fraud – that’s not going to happen – but rather to limit it. “There will always be fraud,” says Robert Siciliano, an identity theft specialist at BestCompanys.com. “With an increase in mobile banking, there will be an increase in fraud simply because there are known exploits that fraud artists exploit more often like malware and check cashing fraud.”
Even so, mobile banking is still relatively safer than other forms of digital banking. “The low hanging fruit is still personal computers,” Siciliano adds. “There are hundres of thousands of viruses targeting mobiles, specifically Androids, but millions of viruses targeting personal computers. And, as the scams and scammers get more prolific, so will the fraud. But mobile is inherently more secure than PCs, or less ubiquitous or vulnerable, in comparison to tradional online banking.”
A big reason why mobile and online banking are so vulnerable to data hacks and fraud is because of the highly impersonal nature of digital financial technologies. “All computerized banking is just an overlay on the old security paradigm, which is face to face dealing with a bank employee,” notes E. William Horne, founder of William Warren Consulting. “It’s fairly hard to fake knowing someone and harder to forge a signature in the presence of an experienced teller, so the traditional method was ‘secure’ for practical purposes.”
Further poisoning the well is the fact that there has never been any meaningful standard of identity verification for online transactions, Horne adds. “The technology to do it is already proven and in place, but but banks are making too much money to care, by firing their old front-line security team like the teller at the local bank and substituting ATMs, online access and telephone response trees, all of which are set up to assume that the person using them is, ipso facto the account holder.”
Horne envisions a catastrophic loss when several mega banks are hacked at the same time, and billions of dollars are stolen. “Only then will meaningful security for online transactions be implemented,” he adds.
If there’s any good news for mobile banking users, it’s that many data thieves don’t deem mobile banking accounts worthy of their time, largely because there is bigger money to be made elsewhere “Mobile payments today are actually safer than many think, primarily becuase the big dollar hacks are against entire databases,” says Jason Chaikin, president of Vkansee, a fingerprint technology development firm. “Individual user accounts don’t have much appeal at this point because most of us aren’t worth the penetration attempt. But at the same time, as our mobile lifestyles continue to drive new conveniences – like shopping on your phone and securely paying with stored credit and debit cards – it makes sense to tighten up any weaknesses now before it’s too late.”
It’s also helpful for mobile banking users to be realistic. “People should know that criminals are running a business,” says Ricardo Villadiego, CEO of Easy Solutions, a banking security services firm. “Data thieves need to stay relevant and are investing a lot of money and effort into building cybercrime platforms for mobile environments, which will only increase.”
“Smart bankers will see mobile as another, more powerful transactional channel where fraud protection – in layers – makes the the most sense,” he added.