BOSTON-Despite the sophistication of fast-growing mobile banking services, the greatest fraud-fighting tool in this emerging area is basic consumer education.
Analysts agree that the biggest impact financial institutions can have on slowing down or stopping fraudsters is by explaining to their mobile users the safety measures they need to take themselves when setting up, managing and using their smartphones.
Those same analysts say that fraud tools used for Internet banking, such as multi-factor authentication, are proving to be portable to mobile and effective. They added that criminal activity through mobile channels is increasing, but fraudsters won't give it their full attention until a greater mass of mobile users and activity is achieved.
All the downloadable apps, the multifunctional capability of the smartphone, and the fact the devices are carried out of the home increase the risk for fraud attacks, said Shirley Inscoe, senior analysts at the Aite Group.
"I see the weakest link now being that financial institutions have not educated consumers well," Inscoe said. "Sure, we come out with great new mobile technology and tools to fight fraud, but if consumers are not educated on some of the simple steps they can take, there is little a bank or credit union can do to protect them."
Inscoe said FIs need to get down to the basics, such as passing onto consumers how to set a passcode on their phone and have it time out if the device is not used for a period of time.
"It's important to update the phone's software. We have seen Apple and Android come out with security enhancements, but if people don't update their phone's software they won't take advantage of the upgrade," observed Inscoe. "And do consumers know to install anti-malware software on their phones? Many don't know that and fewer keep it up to date if they have it."
New Social Engineering Risks
Outside of understanding how to manage their phones, consumers need to pay more attention to proper usage, said Inscoe. "It's about., for example, making sure you are using a secure wifi connection. So if you are in a library, don't use the library's wifi. A hacker can intercept and take over the session."
Much of the education, sources reminded, is not entirely new to consumers, and it's the financial institution's job to make sure their mobile users understand that many of the same security precautions used for Internet banking apply to the phone. Therefore, consumers need to understand that strategies to guard against phishing attacks are the same for smishing.
"It's just a little bit different for mobile devices and consumers need to be trained a bit more on what to do and expect," said Calvin Grimes, product manager for mobile solutions at Fiserv, Brookfield, Wis. "We have been telling consumers not to share personal info via e-mail. Now that advice extends to the text message. There are bad guys who will try to spoof SMS messages. There is a lot of social engineering risk with this new channel."
With consumers being somewhat unfamiliar with new mobile channels, Grimes stressed the importance of clearly conveying to the member how the credit union will communicate to them via the mobile app or text message. "If they understand how the credit union will approach them, they will know when it is the CU reaching out to them and not a criminal."
All the free apps available for smartphones, sources agreed, lead many consumers to download first and think second, opening up a big area of risk. They emphasized reminding consumers to only download secure apps, but make sure they understand which is the right app to download from their financial institution.
Reminding Members of Risks
Jim Hanisch, EVP of network operations and corporate development for CO-OP Financial Services, Rancho Cucamonga, Calif., said the educational task may seem simple, but he is concerned it's not always being done.
"Over the past 10 years we have all become cognizant of online security, password protection, and not being phished. These same risks present themselves in the mobile world, and we have to make sure we educate members about them again-make them aware there are the exact same risks, and potentially greater, in the mobile arena."
For info: CO-OP Financial Services: www.co-opfs.org; Aite Group: www.aitegroup.com, Fiserv: www.fiserv.com
To read related stories, go to www.cujournal.com and search the following headlines:
How To Develop A Baseline Risk Analysis-October 3, 2011
How School Employees CU Reduced Fraud Loss-September 19, 2011