Banks must do more to protect customers from fraud
A security expert has strongly urged banks to step up security efforts in mobile banking, saying that common authentication processes carry too much risk. Guy Cooper, who is General Manager of the Aspect Proactive Engagement Suite (PES) at customer engagement firm Aspect Software, said that common verification procedures, such as sending one-time passcodes by SMS in isolation, could be threatening the security of millions of people’s personal data globally.
Online banking has recently reached a record number of transactions, moving £1bn worth of payments per day, and ABI Research estimates that over 70 billion smartphone and tablet applications were downloaded globally in 2013. But Cooper suggests that the intrinsically insecure nature of mobile devices has been like a welcome mat to fraud.
He said: “The increased focus on the customer experience, thanks in part to seven-day switching, has taken investment in innovation away from security. Mobile devices intrinsically have less authentication, more sharing of data, insecure communications channels such as SMS, and so on. They’re easier to crack than desktop PCs, and with many popular applications defaulting to cloud storage, or saving passwords or PINs, anyone who has access has free rein.”
Cooper also suggests that there is an alarming undercurrent of relatively unknown security threats building on the back of the increase in mobile banking transactions, as practices such as ‘SIM Swap’ largely escape public attention. SIM Swap occurs when someone unlawfully obtains a duplicate SIM card for a mobile number, so that communications sent to that number are redirected to the fraudster.
“The scary thing is that SIM Swap is sneaky; the victim is unlikely to find out for days, and all of the content on a mobile will be vulnerable. A fraudster only needs a minute to practically bankrupt you. Security methods that once worked are now redundant as hacking methods get more effective,” he commented.
Fran Howarth, Senior Analyst at Bloor Research, added: “Fraud is a significant challenge for financial institutions, which they must tackle if competitiveness is not to be eroded. These SIM attacks show how criminals are increasingly seeing mobiles as a viable attack vector, which therefore increases the importance of implementing mobile security controls.”
Aspect works with banks and financial services globally to optimise every facet of customer engagement, including deploying sophisticated fraud detection and multi-factor authentication technology (such as divert detection and location checks, to ascertain user identity). In this way, banks can also avoid the frustration of having to block the bank accounts of people with legitimately swapped SIM cards, and telcos don’t need to cut off a tariff holder – for example, if someone buys a new phone.
Cooper concluded: “Ultimately, the onus is on banks to protect their customers. Put it this way, nobody puts anti-virus software on their phone. As technology develops, mobile will be in a much better position to eventually replace usernames and passwords with convenient multi-factor authentication.”