Mobile banking fraud trends
•
4 recomendaciones•2,125 vistas
How is mobile is transforming the banking industry and the fraud concerns with it? 41st Parameter, part of Experian, looks at how the banking industry is changing to adapt to new mobile technology and the new forms of fraud that exist as a result.
Recomendados
Recomendados
Más contenido relacionado
Destacado
Destacado (20)
Mobile banking fraud trends
- 1. © 41st Parameter. All Rights Reserved. CONFIDENTIAL. Basic Authentication No Longer Sufficient • Digital consumers increasingly difficult to authenticate • Tablet / smartphone explosion • Flash and cookies crumbling • Challenges of decreased visibility • Hard to recognize returning customers • Trust impossible due to online anonymity • Authentication options increase friction • Attackers mimic legitimate user behavior • Need complete history of devices, transactions, and behaviors
- 2. © 41st Parameter. All Rights Reserved. CONFIDENTIAL. • Malware a common culprit in major breaches • Leads to credential compromise • Mobile malware spreading like wildfire • Android OS targeted 90%+ • Often delivered via malicious apps or SMS • New variants released every day • Millions of victims worldwide Malware Growth Continues
- 3. © 41st Parameter. All Rights Reserved. CONFIDENTIAL. Malware Growth Continues - Apple Insider
- 4. © 41st Parameter. All Rights Reserved. CONFIDENTIAL. • Primary account takeover enabler • Circumvents authentication without device intelligence Which site is fake? Malware Growth Continues
- 5. © 41st Parameter. All Rights Reserved. CONFIDENTIAL. Malware Growth Continues • No end in sight to the threat • Only 5-15% of users adopt endpoint malware detection • Malicious apps difficult to police • Mobile malware a major risk with new mobile services THE CHALLENGE Malware typically steals credentials – fraudsters steal the money
- 6. © 41st Parameter. All Rights Reserved. CONFIDENTIAL. Mobile Expansion Introduces Risk Mobile Money lets customers do most everything they would otherwise do with traditional checking accounts… including depositing checks with smartphones, making retail purchases, paying bills, and withdrawing cash from 42,000 ATMs
- 7. © 41st Parameter. All Rights Reserved. CONFIDENTIAL. Mobile Expansion Introduces Risk SMISHING Unsolicited text messages that prompt users for credentials PHARMING Imposter mobile banking sites that steal credentials SMS TROJANS Malware that sends texts to premium rate numbers ANDROID TROJANS Targets contact detail in Address books (Loozfon) and attempts to remotely control mobile device (FinFisher) ZITMO (Zeus in the Mobile) Malware targets mobile transaction authentication numbers, masquerades as a security update
- 8. © 41st Parameter. All Rights Reserved. CONFIDENTIAL. Mobile Expansion Introduces Risk 90% 48% 42% 33% 26% 21% 11% Check account balance or transaction Download bank’s mobile app Transfer money between accounts Receive text message alerts from bank Make bill payment from web site or mobile app Locate closest ATM location Deposit check using phone camera Some online banking features are ONLY available via mobile app
- 9. © 41st Parameter. All Rights Reserved. CONFIDENTIAL. • Dramatic shift in the distribution of devices • Mobile is a powerful enabler of revenue AND fraud • Offerings designed for anytime, anywhere sales, NOT fraud prevention • Limited cookie and Flash support • Loyalty offerings reward customers but attract fraud takeover THE RISK Attackers quickly exploit security gaps in new mobile offerings Mobile Expansion Introduces Risk - Baynote
- 10. © 41st Parameter. All Rights Reserved. CONFIDENTIAL. ©2014 Experian Information Solutions, Inc. All rights reserved. Experian Public. To learn more about 41st Parameter please visit: http://ex.pn/1yYb3u6
Notas del editor
- Translate davids malware discussion to mobile
- Mobile banking itself has become very mainstream. 90% of surveyed users have checked their account balance or recent transaction through mobile banking.
- Online Loyalty Programs and Personalization Personalizing customer experience Fraudsters gaining access to customer accounts - Using accrued points to make purchases Brand concerns Mobile fraud growing through expanded functionality Layered security controls must match the risk of new services (consumer wires, mobile deposit, etc.) Native app ensures most granular prints and deepest context - mobile deposit is the new Nigerian “419”, dating, or other scam point of inflection - most FIs are still securing mobile channel We have seen a drastic change in the make-up of devices being used by consumers -- mostly driven by the convenience of tablets and smartphones, where we saw 35% YOY growth recently (http://www.the41.com/buzz/announcements/41st-parameter-data-shows-35-percent-year-over-year-growth-mobile-commerce) -- but overall card-not-present attacks appear to be relatively stable and that latest growth channel is rarely being used to commit the actual frauds. We have seen cases in financial services where new functionality like mobile deposits, P2P transfers, wires, etc. being opened up to consumers via native applications provides an opportunity to avoid highly-secured online authentication or back-end controls to perpetrate fraud, but the bulk of mobile fraud still appears to be an easier means to compromise credentials via nefarious links, SMS, phishing, etc. as consumers fail to treat their phones/tablets with the same level of care and responsibility applied in the online space. Those compromised credentials are often then used by attackers in the online channel to stage and commit the fraud since mobile channels typically have fewer "cash out" options at this time. That will likely change as institutions rush to differentiate themselves through new mobile features, so proper security (and broad visibility via device intelligence) is a must.