Mobile banking: 4 risks to watch
Education is a key factor in securing members’ financial data.
Nearly two-thirds of consumers use a mobile device to conduct banking transactions, according to Mobile Ecosystem Forum’s 2017 Mobile Money Report [PDF].
Mobile banking is a “must have” service for credit unions seeking to remain competitive and keep member satisfaction levels high. However, credit unions need to be aware of the risks associated with mobile banking and know how to address them.
Here are four of the top risks associated with mobile banking:
1. Mobile malware
Smartphones are nothing more than compact computers with an operating system and software. Just like with personal computers, smartphone users frequently are targeted by malware.
Mobile malware (e.g., banking Trojans) is designed to steal login credentials or hijack mobile banking sessions in “man-in-the-middle” attacks. This type of malware is spread by Phishing and SMiShing (SMS text message phishing) scams.
2. Phishing & SMiShing
Phishing attacks, typically carried out via email, have been a common way for cyber criminals to spread malware. But mobile banking users are also at risk to mobile malware infections via SMiShing attacks.
Mobile device users may trust SMS text messages more than email, and therefore may be more likely to click on links to malicious websites.
Educate members about the dangers that malware spread via phishing and SMiShing pose to their mobile devices and their finances.
3. Mobile banking apps
Using a dedicated mobile banking app tends to be safer for members than using a mobile web browser to log in to their accounts. This is because apps use secure coding techniques that may limit a cyber criminal’s ability to intercept and control a mobile banking session.
However, malware-laden, fake mobile banking apps designed to steal login credentials have been an ongoing problem for credit unions and their members. Warn members to only download mobile banking applications from trusted sources.
4. Unpredictable user behavior
Member behavior can present a challenge for credit unions. Many members have adopted safe banking practices on their home computers, such as not opening email attachments received from unknown sources and using antivirus software.
However, members may view their mobile devices as phones rather than computers capable of initiating financial transactions. Therefore, educating members on the importance of securing their mobile devices is critical.
A strong multifactor authentication method is essential for credit unions that allow members to initiate transfers to third parties via their mobile banking platforms.
While credit unions can use the mobile device itself as an authentication method, a device’s “fingerprint” shouldn’t be the only method you use since many devices, such as iPhones, have the same fingerprint.
Instead, consider using biometric authentication—a growing trend that uses fingerprint, retinal scan, and facial identification—to achieve strong authentication.
Keep in mind, multifactor authentication alone is not sufficient to protect member accounts. Credit unions should take a layered security approach to ensure other controls are in place to help stop potential fraud if one method is defeated.
Education is another key factor in securing members’ financial data. Use member-facing channels, such as email, social media, webinars, forums, etc., to make sure members understand and are prepared to avoid the risks involved with using their mobile devices.
KEN OTSUKA is a senior risk management consultant at CUNA Mutual Group.