F
For most people today, mobile devices
are an essential part of life. We can
track our steps, our sleep, our calorie
intake, manage our online banking,
use the mobile device for transactions,
access emails, schedule appointments,
to name just a few of the modern
functions of a mobile on top of other
traditional ones like making calls and
sending messages.
The information stored on these devices
is now with us the majority of the time.
It means it’s incredibly important that
those devices are fully secured, with
cybercriminals increasingly targeting
mobile devices according to research.
Securing the mobile channel
Here, Will LaSala, Director of Security
Solutions, Security Evangelist,
OneSpan, discusses the importance
of securing the mobile channel, how
criminals are increasingly targeting
banking customers via their mobile
banking apps and how banks and
financial institutions can combat this.
There’s never been a greater need to
secure the mobile channel, which has
fast become the target of choice for
criminals. UK banking customers lost
£500 million to scams in the first half of
2018 and customers are increasingly
being targeted via mobile banking apps.
For example, SIM swap fraud, which
involves hijacking phone numbers to
gain access to mobile accounts has
increased by 60% since 2016.
One of the biggest challenges banks and
financial institutions face in preventing
mobile banking fraud is that mobile
applications reside on customers’
devices: an environment largely outside
of the bank’s control. Users can become
the weak link in security and there are a
number of things that could leave them
more vulnerable to attacks and threaten
the mobile environment that the banking
app resides on.
Will LaSala, Director of Security Solutions,
Security Evangelist, OneSpan
www.intelligentciso.com
|
Issue 08
For example, jailbreaking devices to
download free apps can mean malware
has the ability to access banking
credentials. On the other hand, a
customer may regularly connect to
FEATURE
public Wi-Fi networks or postpone
critical software updates on their device,
leaving security patches exposed.
Another growing problem is that both
the malware and criminals’ techniques
are becoming more complex and
sophisticated. For example, today’s
mobile malware can leverage a
program’s code to make the app
itself a threat. Malicious actors can
reverse engineer apps to modify the
core functionality or create an exact
duplicate, which when downloaded will
silently install other apps that steal data
from the user and the mobile device.
With all of this in mind, it’s crucial that
mobile banking apps are able to protect
themselves in untrusted or compromised
device environments to reduce the risk
of mobile banking fraud.
Application shielding technology
proactively detects and prevents
application-level intrusions in real-
time and means that even if a user
There’s never been
a greater need to
secure the mobile
channel, which has
fast become the
target of choice
for criminals.
has unknowingly downloaded a virus
or malware onto their device, the app
itself is protected and the data and
transactions made within it are secured.
This technology is also context-
aware and prevents attackers from
injecting malicious code into an app
and repackaging it for distribution in
unofficial marketplaces or websites, as
was seen with the popular Fortnite app
earlier this year.
49