We’re spending more time on smartphones and their apps and less time on laptops and tablets. Every day, new features become available on mobile, and there are more apps we’re willing to hand our data over to. With greater familiarity comes greater trust, and people are becoming increasingly comfortable with banking apps.
But with this exponential increase of apps and smartphone capabilities comes more exposure to cyber criminality. The mobile-first agenda has opened up more threat from a cybersecurity perspective. There are also more bugs that can be exploited, such as Apple’s FaceTime bug, which allowed FaceTime users to eavesdrop on other users without their permission. 2016 saw the largest distributed denial of service (DDoS) attack via the internet of things. Unsecured IoT devices were hacked and resulted in a botnet (a network of private computers infected with malicious software and controlled as a group in order to send spam). It caused online chaos and even led to outages on Twitter and Amazon. Such threats are more prevalent today due to the abundance of IoT devices.
The banking industry is one of the top targets for attacks. It’s true that websites and apps (both external and internal) have safety protocols written into them, but often it can be the human in the loop, with an all-too-human momentary slip in vigilance, who fails to detect the threat.
The burgeoning culture of BYOD (bring your own device) means that more and more people are bringing their own computers to work. This can create an efficient and relaxed atmosphere for employees but it means that identity and access management has never been more important in the workplace. Yes, automation can lead to businesses becoming more agile, but it can increase an organization’s attack surface, creating new vulnerabilities.
These days, digital banking and online payments are a fast and convenient way to manage our money. We can check our balances, pay for goods and services, and transfer money to our family and friends in a few clicks from any place, any time, any device and on any platform.
For the banks, it’s better too. It’s no surprise that they are keen to push a mobile-first agenda. Digital banking lowers the cost of tellers handling transactions by reducing the need for customers to visit a bank branch. It also removes the dependency on banks for trivial information and allows the automation of certain non-value-added processes. And it’s slowly removing the need to have physical bank branch premises at all, as with ME Bank, the direct bank.
Mobile payments were first trialed in Finland in 1998 when two Coca-Cola vending machines were enabled with SMS payments. In time the idea caught on. In 1999, banks started to offer mobile banking to their customers. Although the concept of using non-coin-based currency systems isn’t new, it’s only recently that the technology to support it has become widely accessible.
So, is it all win-win for both the banks and their customers? If so, then why, in 2019, are one in three smartphone users still not using banking apps?
One critical reason could be a lack of trust in the technology’s security. Cybercrime rates are increasing year on year. It’s gone from an occasional annoying business challenge to having the potential to wreak havoc on your business’s functions and cause untold, often irreparable damage to reputation.
Given the severe ramifications of a major security breach, it’s critical for banks to invest in innovative cybersecurity solutions. It’s like the old adage “prevention is far better than cure.” So, banks are investing energy, time, and expense in creating solutions that have proactive detection and response capabilities such as threat hunting of APTs (advanced persistent threats), and focusing on post-breach analytics to minimize the detection and remediation time.
The types of cybercrime that often affect banking are: unauthorized use while the owner is using the mobile banking service, remote hacking or jamming via the internet or telephone network data streams, and malware that seeks to steal credit card credentials. A particularly infamous recent malware was a trojan named “Bankbot”. It got past Google’s protections and targeted Android devices worldwide. The malware was activated when users opened a banking app, overlaying the screen to steal the user’s info.
Some features we’re starting to see that are making life more difficult for the cybercriminals and that assuage fears of potential mobile banking users are:
- Biometric and fingerprinting devices – an unfalsifiable way for you, and only you, to gain access to your account.
- Behavior analysis – unusual behavior is flagged. A real-time notification is sent by SMS and/or email. That’s not me! You tell your bank, and disaster can be averted.
- End-to-end encryption – this counters the massive threat of hacking by conducting security audits and penetration tests.
- One-time passwords – a great measure in the fight against cyber fraud. OTPs are requested for every transaction using an online or mobile banking interface. The password is sent to the user’s smartphone via SMS. The password expires after just one use.
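The per-transaction, single-use behaviour described in the last bullet, as an added Python example that is not part of the original article. The class name, the 120-second lifetime, the three-attempt limit and the in-memory store are assumptions, and the example goes slightly beyond the text by binding each code to the transaction's amount and payee.

```python
import hashlib
import hmac
import secrets
import time

OTP_TTL_SECONDS = 120   # assumed validity window
MAX_ATTEMPTS = 3        # assumed limit on wrong guesses per code


class TransactionOtpStore:
    """Hypothetical in-memory store; a real service would use a shared one."""

    def __init__(self, clock=time.time):
        self._clock = clock
        self._pending = {}  # txn_id -> [digest, expires_at, attempts_left]

    @staticmethod
    def _digest(code, txn_id, amount_cents, payee):
        # Bind the code to the exact transaction so it cannot approve another.
        msg = f"{code}|{txn_id}|{amount_cents}|{payee}".encode()
        return hashlib.sha256(msg).digest()

    def issue(self, txn_id, amount_cents, payee):
        code = f"{secrets.randbelow(10**6):06d}"  # 6 digits from a CSPRNG
        self._pending[txn_id] = [
            self._digest(code, txn_id, amount_cents, payee),
            self._clock() + OTP_TTL_SECONDS,
            MAX_ATTEMPTS,
        ]
        return code  # handed to the SMS gateway, never written to logs

    def verify(self, txn_id, amount_cents, payee, code):
        entry = self._pending.get(txn_id)
        if entry is None:
            return False  # never issued, already used, or locked out
        digest, expires_at, attempts_left = entry
        if self._clock() > expires_at:
            del self._pending[txn_id]  # expired codes are discarded
            return False
        candidate = self._digest(code, txn_id, amount_cents, payee)
        if hmac.compare_digest(candidate, digest):
            del self._pending[txn_id]  # single use: consume on success
            return True
        entry[2] = attempts_left - 1
        if entry[2] <= 0:
            del self._pending[txn_id]  # too many wrong guesses
        return False
```
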
Mobile phones and the internet not only influence today’s modern society, but they are also defining it and so banks are understandably pushing the mobile-first agenda. Banks are working with technological partners to create the kinds of cybersecurity solutions that can more than meet the threat posed.
In order to counter this level of threat today, every cybersecurity-enabled organization should have embedded proactive checking, continuous monitoring, and a dedicated defense solutions department to:
- Ensure the proactive identification of attacks
- Identify the attack severity and spread mechanism
- Have an attack mitigation plan in place to build defense solutions
- Identify the source and keep track of it.
It is imperative to guide clients through every step of their digital transformation journeys, and cybersecurity measures powered by the latest technologies should be integral to their digitalization journey. Customer trust is the lifeblood of the banking industry, in which any breach of security could amount to a loss of reputation and client loyalty. The popularity of the smartphone means that the world is more connected than it’s ever been, but as a consequence, it has widened the target for cybercriminals – we need to be more than up to the challenge.
The opinion expressed here is in a personal capacity. Please feel free to write to me with suggestions or feedback, or to discuss more on cybersecurity and digital technologies.