How is mobile is transforming the banking industry and the fraud concerns with it? 41st Parameter, part of Experian, looks at how the banking industry is changing to adapt to new mobile technology and the new forms of fraud that exist as a result.
Mobile banking itself has become very mainstream. 90% of surveyed users have checked their account balance or recent transaction through mobile banking.
Online Loyalty Programs and Personalization
Personalizing customer experience
Fraudsters gaining access to customer accounts - Using accrued points to make purchases
Brand concerns
Mobile fraud growing through expanded functionality
Layered security controls must match the risk of new services (consumer wires, mobile deposit, etc.)
Native app ensures most granular prints and deepest context
- mobile deposit is the new Nigerian “419”, dating, or other scam point of inflection
- most FIs are still securing mobile channel
We have seen a drastic change in the make-up of devices being used by consumers -- mostly driven by the convenience of tablets and smartphones, where we saw 35% YOY growth recently (http://www.the41.com/buzz/announcements/41st-parameter-data-shows-35-percent-year-over-year-growth-mobile-commerce) -- but overall card-not-present attacks appear to be relatively stable and that latest growth channel is rarely being used to commit the actual frauds. We have seen cases in financial services where new functionality like mobile deposits, P2P transfers, wires, etc. being opened up to consumers via native applications provides an opportunity to avoid highly-secured online authentication or back-end controls to perpetrate fraud, but the bulk of mobile fraud still appears to be an easier means to compromise credentials via nefarious links, SMS, phishing, etc. as consumers fail to treat their phones/tablets with the same level of care and responsibility applied in the online space. Those compromised credentials are often then used by attackers in the online channel to stage and commit the fraud since mobile channels typically have fewer "cash out" options at this time. That will likely change as institutions rush to differentiate themselves through new mobile features, so proper security (and broad visibility via device intelligence) is a must.