Smartphone usage has dramatically increased over the previous decade and this trend looks certain to continue into the foreseeable future. This has led to the emergence of an extensive range of mobile applications and other associated services for different purposes, including conducting important tasks such as online banking.
However, while this shift offers higher levels of user convenience, unfortunately it increases opportunities for criminals and fraudsters looking to gain access to additional sources of revenue.
This poses risks with devastating repercussions for enterprises and end users alike. While the key players within the industry have taken steps to counteract fraud by increasing investment in mobile fraud prevention, the risk to end users is often not given the attention it deserves.
This is especially the case when it comes to conducting online banking activities and making payments via mPOS applications. The following tips will provide insights into how you can increase your own awareness of the risks posed.
What are the risks posed?
A report released by RSA Security in the second quarter of 2018 drew attention to the fact that 39% of all mobile fraud conducted during the first quarter of that year was carried out on mobile applications.
There have also been reports highlighting that 46% of all banking fraud originates from mobile applications. This is due to fraudsters using malware, including trojans specially designed to intercept and steal users’ credentials, and then taking money from their bank accounts.
Concerns for Android Devices
The threat of trojans is a particular issue on Android devices because applications on the Google Play Store undergo less stringent checks before being made available to download. Users can also easily change their device settings to download apps from a range of sources, which makes the possibility of downloading a rogue application even greater.
Clearly there are increased risks for both financial enterprises and end users who conduct their banking via an application. The emergence of the Internet of Things (IoT) means that there are additional areas where fraudsters are searching for weaknesses to identify and exploit.
It is therefore imperative that both enterprises and end users consider mobile device security and increase investment in protecting applications from the outset, rather than treating it as a mere afterthought.
Consider Security from the Start
Planning and implementing mobile device security from the start of the development process is essential, and it should not be treated as a secondary priority. Mobile applications differ from web applications, which usually depend on server-side security: applications on a user’s device require protection on the device itself.
Educating your developers about the importance of secure coding, written on the assumption that the application runs in a hostile environment, means that you can have peace of mind that the application will be secure in the event of any data and security breaches.
Educate your Users
End users are more often than not the weak link in cybersecurity protection and are often the main source of failure. This has especially been the case as spam and phishing emails have increased in volume and become increasingly sophisticated, meaning that more unsuspecting people are falling victim.
In addition to this, fraudsters are also branching out to other sources to obtain users’ details. These include social media scams and spoofing websites that are used to encourage users to input their personal details.
The majority of data breaches are caused by users’ credentials being illegally obtained and used to log in to a personal account. This is the preferred method of those looking to bypass a company’s cybersecurity controls and procedures, meaning that educating your employees regarding cybersecurity and the risks posed is imperative.
You should focus on the dangers of jailbroken or rooted handsets and the perils of downloading applications from unverified sources, as these are often created with the intention of being used for fraudulent purposes.
Fraudsters spend hours looking through employees’ social media profiles in order to obtain personal information that can be used during the password recovery process. Ensure that your users are aware that their work and personal lives are interconnected via the Internet.