The boom in the global economy and the digital revolution has unleashed a surge of scope for mobile banking. With the scampering growth in technology, the concept of carrying cash and wallets has become obsolete. Now is the hour of digital banking, carried out via mobile apps. The process is speedy and hassle-free, making monetary transactions easier and convenient than ever.
However, with technology advancing to newer avenues everyday, security has become the most important matter of concern. Moreover, by the virtue of being a pocket of the financial sector, mobile banking is twice as vulnerable as any other processes.
Areas of Concern:
The mobile threat scenario is growing rapidly, and institutions and consumers alike are wary of the risks. Following are the biggest thorns in this area which are increasingly puncturing the security shield of mobile processes.
- Mobile Malware – Trojans, viruses and root kits are the biggest threats to the mobile sector, especially in mobile banking. According to French telecom equipment company, Alcatel-Lucent, over 15 million mobile devices are infected with malware and the number is increasing by 20% each year. A research conducted by Valicom reveals that it is largely Android devices which are targeted because of their easy accessibility as declared by McAfee. The malware is accessed by visiting a website or downloading 3rd party apps. Researchers see an increase in mobile malware development in pace with market growth.
- Third-Party Apps – There are several apps which come from third parties with questionable security practices. Many a time, these apps are created by fraudsters with loaded malware.
- Unsecured Wi-Fi – The unsecured wireless network is the easiest way for fraudsters to get an access to mobile devices as well as into account information.
- User Behavior – Users’ tendency to download third-party apps and use unsecured wireless networks opens a window of opportunities for fraudsters to take advantage.
Below is an infographic representing a survey carried out by Valicom on mobile security.
Appvigil, a product of Wegilant, in a report covering India and the Asia Pacific region, states that 70% of the Top 100 mobile banking apps on Android OS are vulnerable to security threats and data leaks.While 99% of all mobile malware are detected in Android, iOS devices remain largely untouched.
The security analysis performed on these banking apps by Appvigil was completely automated. The major loopholes discovered in these apps are as follows:
- The most basic security checks like encrypted form of communication between the server and the app are missing in even the premium bank apps. For example, instead of HTTPS, these apps still follow HTTP format.
- Delay or premature time-outs in transaction processing are some of the easy gateways to the hackers.
- Redirecting leads to Data theft.
- Malicious bugs plantations, Java injections, SQL injections are rampant in these apps.
Following is a graphical representation showcasing the vulnerability count by percentage.
Due to the lack of tight security ensured by network and system administrators on the system clock accuracy and time synchronization, about 49% of users have stopped using these apps despite the convenience factor offered through this technology. Unsynchronized clock is a major dysfunction in most of the banking apps, often leading to discrepancies in the transactions. Mismatched timestamps leads to database and financial errors.
Given below is an infographic charting the vulnerabilities by severity.
Banks and financial organizations have always been vulnerable to cyber crimes. Hence, it is imperative for the banking organizations to build up a strong security system to safeguard the money of the consumers. Although a lot many banks do offer a variety of ways to protect the transactions through mobile apps – like authentications by e-tokens, OTP, confirmation of transactions through codes sent to the users’ phones, unfortunately hackers could still bypass these measures. Hence, the attempts made by the banks to secure the consumers’ money have proven to be futile.
The threat rate of mobile banking is alarming. The situation demands immediate addressal which is possible only by hardening the security shields in these apps and making these apps pass through several security checks before they are deployed.