Mobile Banking and the Risks
There is no doubt that mobile banking is going to become very significant in 2014, if it isn’t already. In the United States, a quarter of all people selecting a bank say mobile banking is a “must-have”. In parts of the developing world, mobile banking is even the dominant form of banking. There is no doubt anymore that mobile banking is a big part of the banking landscape – which means, of course, that it is bound to become a big part of the threat landscape as well.
In the past, smartphones were generally used to help protect normal online banking transactions. Banks would send users a Transaction Authorization Number (TAN) via SMS that they would have to enter on their PCs to verify that a transaction was valid. It’s essentially a form of two-factor authorization that improves security by providing a second means of authentication for users.
However, in mobile banking, this second form of authentication is usually not present. This leaves users just as open to banking threats as they were elsewhere without a TAN in use: malware on the mobile device can act as a man-in-the-middle Trojan and carry out information theft as easily as they would on other platforms. This is something we explicitly talked about in our predictions for 2014.
So, what can you do to help protect yourself? I discuss that topic in the video below.