Published on January 16th, 2019 | by Sunit Nandi
Key mobile banking risks and how to avoid them
For many people, mobile banking has become the norm. With customers rarely setting foot in a local bank branch and seeking faster service than a call to telephone banking provides, everyday banking is increasingly done online from smartphones, tablets and laptops. You can access your bank accounts any time, anywhere, making payments and transferring funds at the click of a button. But this level of convenience is not without its risks.
In the UK alone, remote banking fraud totalled £156.1 million in 2017, a 14% increase on 2016, even in the presence of AML compliance software. Around the world, mobile banking Trojans have increased 60% in the past year – and RSA says that 60% of digital banking fraud and 62% of identity theft now come from mobile.
These figures are cause for concern, but there are easy ways to protect yourself against the key security threats in mobile banking. The best place to start is by understanding the risks at hand.
Corrupt or Fraudulent Apps
While mobile banking apps are usually designed to be safer than logging in to your account from an ordinary mobile browsing window, they sometimes come with vulnerabilities that leave your details open to exploitation. Worse still, the apps you install might not be legitimate mobile banking apps at all.
Mobile banking Trojans – malware and ransomware files disguised as legitimate apps – have been identified in cyberattacks in 164 countries around the world. Designed to steal money directly from users’ bank accounts, this type of attack has been most common in the USA, Russia and Poland so far in 2018, with unsuspecting users downloading software that appears initially to be the real deal, but which steals ID and banking credentials when entered.
Before downloading a new app to your device, check that the permissions it asks for – such as access to other data within your device – correspond with what the app is supposed to do. Only install apps from trusted sources like the Google Play Store and Apple’s App Store, and ensure that your device has appropriate virus scanners in its security system to flag and remove suspicious downloads.
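The permission check described above can be automated once an app's manifest has been decoded to text. The following is an added example, not part of the original article: the shortlist of sensitive permissions, the flashlight app and its manifest are all constructed for illustration.

```python
import xml.etree.ElementTree as ET

ANDROID = "{http://schemas.android.com/apk/res/android}"

# Permissions that expose messages, contacts or other apps' screens.
# This shortlist is an assumption for the example, not an official list.
SENSITIVE = {
    "android.permission.READ_SMS": "read stored text messages",
    "android.permission.RECEIVE_SMS": "see incoming text messages",
    "android.permission.READ_CONTACTS": "read the address book",
    "android.permission.SYSTEM_ALERT_WINDOW": "draw over other apps",
    "android.permission.BIND_ACCESSIBILITY_SERVICE": "read and operate other apps' screens",
}

# Constructed sample: decoded manifest of a hypothetical flashlight app.
SAMPLE_MANIFEST = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
          package="com.example.torch">
  <uses-permission android:name="android.permission.CAMERA"/>
  <uses-permission android:name="android.permission.READ_SMS"/>
  <uses-permission android:name="android.permission.SYSTEM_ALERT_WINDOW"/>
  <application>
    <service android:name=".Helper"
             android:permission="android.permission.BIND_ACCESSIBILITY_SERVICE"/>
  </application>
</manifest>"""

def declared_permissions(manifest_xml):
    """Collect requested permissions plus permissions guarding services."""
    root = ET.fromstring(manifest_xml)
    perms = {e.get(ANDROID + "name") for e in root.iter("uses-permission")}
    # An accessibility service shows up as android:permission on <service>,
    # not as a <uses-permission> entry.
    perms |= {s.get(ANDROID + "permission") for s in root.iter("service")}
    perms.discard(None)
    return perms

def unexpected_permissions(manifest_xml, expected):
    """Sensitive permissions the app declares but its purpose does not explain."""
    found = declared_permissions(manifest_xml)
    return [(p, SENSITIVE[p]) for p in sorted(found)
            if p in SENSITIVE and p not in expected]

if __name__ == "__main__":
    torch_needs = {"android.permission.CAMERA"}  # the camera flash is all a torch needs
    for perm, why in unexpected_permissions(SAMPLE_MANIFEST, torch_needs):
        print(f"{perm}: lets the app {why}")
```
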
Perhaps the best known, but the most overlooked mobile banking risk, is unsecured Wi-Fi. Public networks, like those you find in coffee shops and train stations, are often unencrypted or offer only the most basic protection against cyber-criminal activity. These networks are accessed by countless users and devices at any given time, and a lack of end-to-end encryption means that anyone who manages to gain access to your connection can view personal and private data with relative ease.
While free Wi-Fi networks can be a lifesaver if you’ve run out of data or just can’t get a good 4G signal, it’s important to secure them as best you can before transferring sensitive data like personal banking information, if you’re going to use them at all.
Using a Virtual Private Network or ‘VPN’ is the most straightforward way, allowing you to add a layer of heavy encryption to your activity via a simple app interface. This way, any hackers who try to intercept your connection can only see a nonsensical collection of characters – rather than account numbers, sort codes and payment details.
Secure Sockets Layer certificates, also known as SSL certificates, are used by most websites nowadays to encrypt the data you provide them with. When your browser displays HTTPS instead of HTTP, it’s a sign that SSL certificates are in place – with the added security often indicated by the presence of a green padlock in your URL bar. HTTP sites are considered so insecure that many browsers will now try to prevent you accessing them at all.
While online retailers and mobile banking services almost always have SSL certificates set up, this doesn’t mean your connection to their webpages is entirely safe from hacking. An attack known as SSL stripping remains a key risk – this being the process whereby a hacker redirects a web user’s activity to an SSL-free proxy server without their knowledge. Your screen will likely still display an HTTPS URL and reassuring green padlock symbol, hiding the fact that your web traffic is being redirected via an unencrypted, easy-to-view connection.
Much like unsecured Wi-Fi, this is a risk you can mitigate by using a VPN. Rather than relying on individual website providers to keep your data secure, you can browse the web through a private tunnel of encryption – so that even if someone redirects your connection, your stream of activity will remain indecipherable.
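A site operator can check how exposed a login page is to the redirection described above by inspecting the redirect chain a client follows and the Strict-Transport-Security (HSTS, RFC 6797) header on the final response. This is an added example that goes beyond the article, which does not cover HSTS; the site bank.example, the sample chains, the finding labels and the 180-day minimum are assumptions.

```python
from urllib.parse import urlsplit

def parse_hsts(value):
    """Parse a Strict-Transport-Security header value (RFC 6797) into a dict."""
    policy = {"max_age": None, "include_subdomains": False}
    for part in value.split(";"):
        name, _, arg = part.strip().partition("=")
        name = name.strip().lower()
        arg = arg.strip().strip('"')
        if name == "max-age" and arg.isdigit():
            policy["max_age"] = int(arg)
        elif name == "includesubdomains":
            policy["include_subdomains"] = True
    return policy

def stripping_exposure(hops, min_age=15552000):
    """Return findings for a redirect chain given as [(url, headers), ...].

    min_age is in seconds; the 180-day default is an assumed threshold.
    """
    findings = []
    for i, (url, _) in enumerate(hops):
        if urlsplit(url).scheme != "https":
            # Any plain-HTTP hop is a point where traffic can be rewritten.
            findings.append("plaintext-first-request" if i == 0 else "downgrade-redirect")
    final_url, final_headers = hops[-1]
    headers = {k.lower(): v for k, v in final_headers.items()}
    hsts = headers.get("strict-transport-security")
    if urlsplit(final_url).scheme != "https" or hsts is None:
        findings.append("no-hsts")  # browsers ignore HSTS sent over HTTP
    else:
        age = parse_hsts(hsts)["max_age"]
        if age is None or age < min_age:
            findings.append("weak-hsts")
    return findings

# Constructed sample chains for a hypothetical site, bank.example.
STRIPPABLE = [
    ("http://bank.example/", {"Location": "https://bank.example/login"}),
    ("https://bank.example/login", {"Content-Type": "text/html"}),
]
PINNED = [
    ("https://bank.example/login",
     {"Strict-Transport-Security": "max-age=31536000; includeSubDomains"}),
]

if __name__ == "__main__":
    print("strippable chain:", stripping_exposure(STRIPPABLE))
    print("pinned chain:", stripping_exposure(PINNED))
```
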
Alongside mobile banking Trojans, a range of other malware formats often find their way onto mobile devices. Though home computers and laptops often come with antivirus packages and other security add-ons, mobile phones and tablets are commonly left exposed.
Malware specifically targeting mobile devices has become a prominent threat to online security, not just in mobile banking but in other areas as well. From malvertising and spyware to typical viruses and rootkits, an infection on your device could come from a malicious email or SMS link, and serve any purpose from draining credit or keylogging to linking your device with a botnet.
The easiest way to protect against a mobile malware infection, aside from basics like learning to recognise phishing emails, is to install mobile antivirus and run regular scans.
Even devices which claim to be impenetrable to viruses have fallen foul of attacks, so while some smartphones and other pieces of portable tech may be more secure than others, complacency can still put you at risk.
By using a VPN app, installing defensive mobile antivirus and staying informed on ways to spot suspicious activities, keeping your details safe when banking remotely couldn’t be easier. Simple steps to improve the security of both your device and its connection are all it takes to create extra layers of defence against cyber crime.