Endpoint/Device Security, Endpoint/Device Security, Endpoint/Device Security, Endpoint/Device Security

Mobile banking boom presents new risk, security concerns

A pedestrian walks by a Wells Fargo Bank office on Feb. 07, 2019, in San Francisco. (Justin Sullivan/Getty Images)

Already on the rise, mobile-based financial services have spiked in the past 18 months due to the COVID-19-related lockdowns and service limitations.

For U.S. financial service institutions, this trend is a mixed blessing: Out of necessity, tech laggard financial customers have finally come to embrace digital financial access, which is a more efficient channel for banks, investment firms and other providers to support. According to a recent survey from the American Bankers Association (ABA), the percentage of U.S. bank customers conducting mobile banking jumped from one-third of consumers (33%) before the pandemic to 44% using mobile banking services now. (Meanwhile, banking at branches, already on the downslide, has decreased an additional 10% in the past 18 months.)

“One undeniable impact of the pandemic is the rapid increase of online adoption, including consumers who have been reluctant to transact online in the past,” says Daniel Holmes, director for solutions consulting for LexisNexis Risk Solutions.

“A concerning factor, however, is that those now online may not possess the technical savviness akin to the more seasoned online user, opening the door for fraudsters,” he said. Indeed, with so many technologically inexperienced customers jumping into online and mobile services, fraudsters are witnessing a brand-spanking new (and naïve) market with whom to ply their scams.

Asaf Ashkenazi, COO and president of San Diego-based cybersecurity vendor Verimatrix, pointed out that the mobile banking boom, and the subsequent security concerns therein, have been hot topics at several recent financial conferences, including last month’s Money 20/20 event in Las Vegas.

“One of the more obvious trends our teams noticed was ... the hastening of the multi-year trend of ‘mobile-first’ banking,” said Ashkenazi. “Clearly, the pandemic made mobile-first a huge part of COVID-19-era banking and transactions.

“In the end, preventing fraud is still paramount to success,” Ashkenazi added, “and in doing so, a mobile-first approach puts a big spotlight on the security of the apps themselves.

The recent H1 UK Finance Fraud-The-Facts report pointed out that for the first time ever, banks lost more to online scams than they did to card fraud in the first half of 2021, Holmes noted.

“Scams take many forms and no longer just present themselves in the form of bogus lottery wins,” Holmes said. “They are carefully planned, well-timed operations, often using current events such as the pandemic as the convincing element.”

And while mobile financial access may appear to be an area where young consumers are well aware of threats, and older people are at a disadvantage, that isn’t always the case. As mobile banking has become more pervasive, the research data suggests that “victims are not always the older, less tech-savvy ones,” said Holmes. “Young people have grown up in a culture where it’s just more normal to share their data online, so they give less thought when they’re asked to share details or respond to someone on social media.”

Rene Perez, financial crimes consultant for core banking services vendor Jack Henry, pointed out that, “Fraudsters love chaos. They exploit it to its fullest, and this is what we’ve been seeing over the last 18 months.”

With that in mind, bad actors will play to the weaknesses of older FSI customers, as well as other people relatively new to mobile banking.

“Fraudsters are also aware of [mobile bank and payment trends] and they throw out the largest nets hoping to grab someone to exploit,” said Perez. “As we start to adapt to a new digital world many people do not understand what threats come with this new environment and how they can be exploited.”

"This is a massive target opportunity, to make scams so appealing to fraudsters,” said Holmes. In order to address the detection of scams, banks are being forced to overhaul the way in which traditional fraud detection is carried out, Holmes added. “No longer are you looking for unauthorized access from an unusual device and location. Now you have to spot the anomaly within a legitimate user transaction that the victims themselves are orchestrating.”

An effective strategy, Holmes said, in this brave new, mobile-first world must combine “technology adoption, data sharing, machine learning-led transaction monitoring and arguably, most importantly, strong education and awareness campaigns.”

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.