The increasing usage of smartphones has enabled individuals to use various applications, including mobile banking applications. More and more individuals have started using mobile applications for banking as compared to the traditional desktop/Web-based banking applications. Mobile banking refers to the use of a smartphone or other cellular device to perform online banking tasks while away from your home computer, for uses such as monitoring account balances, viewing mini statements and account statements, transferring funds between accounts, bill payment, etc.
Threats to Mobile Banking
Mobile Banking Malware:
There have been incidents in which sophisticated viruses infected the devices of banks' mobile app users to steal password details and even prevent two-factor authentication, by presenting victims with a fake version of the login screen when they access their legitimate banking application. A key vector by which mobile banking malware gets onto the mobile device is malicious applications posing as legitimate applications, which users download and thereby become infected.
For prevention against malware attacks:
- Download and use anti-malware protection for the mobile phone or tablet device.
- Keep the banking app software up to date: Using the latest version of the software allows receiving important stability and security fixes in a timely manner.
- Use security software: Applications for detecting and removing threats, including firewalls, virus and malware detection, intrusion-detection systems and mobile security solutions, should be installed and activated.
- Only reputed applications should be downloaded onto the smartphone from the market, after looking at the developer’s name, reviews and star ratings, checking the permissions that the application requests and ensuring that the requests match the features provided by that application.
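The permission check in the last item can be done mechanically once an app's manifest is available in decoded text form. The following is an added example, not part of the original article: it lists the permissions an app requests beyond what its advertised features need. The feature names, the feature-to-permission mapping and the sample manifest are constructed assumptions.

```python
import xml.etree.ElementTree as ET

ANDROID_NS = "{http://schemas.android.com/apk/res/android}"

# Assumed mapping for illustration (not an official list): the permissions
# each advertised feature plausibly needs.
FEATURE_PERMISSIONS = {
    "online_banking": {"android.permission.INTERNET"},
    "biometric_login": {"android.permission.USE_BIOMETRIC"},
}

# Permissions matching the abuse described above: SMS control and fake screens.
HIGH_RISK = {
    "android.permission.READ_SMS": "can read SMS, including one-time passwords",
    "android.permission.RECEIVE_SMS": "can intercept incoming SMS",
    "android.permission.SEND_SMS": "can send SMS on the user's behalf",
    "android.permission.SYSTEM_ALERT_WINDOW": "can draw over other apps",
}

def requested_permissions(manifest_xml):
    """Return the set of permission names declared in a decoded manifest."""
    root = ET.fromstring(manifest_xml)
    names = {el.get(ANDROID_NS + "name") for el in root.iter("uses-permission")}
    return names - {None}

def review_permissions(manifest_xml, advertised_features):
    """List (permission, reason) pairs not explained by the advertised features."""
    expected = set()
    for feature in advertised_features:
        expected |= FEATURE_PERMISSIONS.get(feature, set())
    extra = requested_permissions(manifest_xml) - expected
    return [(p, HIGH_RISK.get(p, "not needed by the advertised features"))
            for p in sorted(extra)]

# Constructed sample: a hypothetical app advertising only the features below.
ADVERTISED = ["online_banking", "biometric_login"]
SAMPLE_MANIFEST = """\
<manifest xmlns:android="http://schemas.android.com/apk/res/android">
  <uses-permission android:name="android.permission.INTERNET"/>
  <uses-permission android:name="android.permission.USE_BIOMETRIC"/>
  <uses-permission android:name="android.permission.READ_SMS"/>
  <uses-permission android:name="android.permission.SYSTEM_ALERT_WINDOW"/>
  <uses-permission android:name="android.permission.READ_CONTACTS"/>
</manifest>"""

if __name__ == "__main__":
    for perm, reason in review_permissions(SAMPLE_MANIFEST, ADVERTISED):
        print(f"{perm}: {reason}")
```

A permission flagged here is a prompt to look closer at the app and its developer, not proof that the app is malicious.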
Phishing/Smishing/Vishing Attack
An attacker attempts phishing against a mobile phone user through SMS (Short Message Service), text message, telephone call, fax, voicemail, etc., with the purpose of convincing the recipient to share sensitive or personal information.
For prevention against phishing attacks:
Emails or text messages asking the user to confirm or provide personal information (Debit/Credit/ATM pin, CVV, expiry date, passwords, etc.) should be ignored. SSL (Secure Sockets Layer) and TLS (Transport Layer Security) should be adequately implemented in mobile banking apps, thus helping to prevent phishing and man-in-the-middle attacks.
Jailbroken or Rooted Devices:
Jailbreaking or rooting is practiced to gain unrestricted or administrative access to the device’s entire file system, at the risk of leaving the device vulnerable to malicious app downloads by breaking its inherent security model and limitations, allowing mobile malware and rogue apps to infect the device and control critical functions such as SMS. Thus the mobile banking app's security is exposed to extreme risk on a jailbroken device.
Outdated OSs and No Secure Network Connections:
Risk factors such as outdated operating system versions and the use of Wi-Fi networks that are not secure on mobile devices allow cybercriminals to exploit an existing online banking session to steal funds and credentials.
For prevention: Use Secure Network Connections: It’s important to be connected only to trusted networks. Avoid the use of public Wi-Fi networks. More secure and trusted Wi-Fi connections identified as “WPA or WPA2”, requiring strong passwords, should be used.
Best practices for users to remain safe
- Enable Passwords On Devices: Strong passwords should be enabled on the user’s phones, tablets, and other mobile devices before mobile banking apps can be used. Additional layers of security inherently provided by these devices should be used.
- Bank account number or IPIN should not be stored on the user’s mobile phone.
- The user should report the loss of the mobile phone to the bank so that it can disable the user’s IPIN and access to the bank account through the mobile banking app.
- When downloading the bank’s mobile app onto the mobile device, the user should go to a trusted source such as the App Store on the iPhone® and iPod touch® or Android Market. The user can alternatively check the bank’s website for details of the ways to receive the app download URL, whether in response to an SMS or email to the bank, and then install the application. The app should not be downloaded from any other third-party source.
Best practices for users to be safe while doing Online shopping
Before you log on and make your first purchase, keep these ideas in mind to protect your credit card and keep your bank account information safe:
- Only visit secure shopping websites: look for the “lock.” Check the address bar for a padlock symbol indicating it’s a secure website. Also, addresses beginning with “https” (and not just “http”) indicate additional web security.
- Shop online only with a secure network. Although you might be enjoying a nice cup of coffee at a coffee shop, avoid using the public Wi-Fi in order to keep your payment information safe.
- Protect your personal information. Never click the box to “remember” or save your password or credit card information. It only takes a few seconds to enter this information when you revisit a site. (This is not only a good idea for shopping, but should be a general rule for keeping your passwords safe.)
- Watch out for frauds. With online shopping, you typically receive a confirmation for the order and another when shipping occurs. One current phishing scam sends a fake email indicating a problem with your order and includes a link or attachment to click. Another phishing scam is targeting Amazon shoppers. Amazon will never send you an unsolicited email asking for sensitive personal information like your social security number, tax ID, bank account number, credit card information, ID questions like “mother’s maiden name” or account password. If you receive a suspicious email, please report it immediately by sending it as an attachment to stop-spoofing@amazon.com. (Likewise, if you are reporting a suspicious URL, put it in the body of the email and send it to stop-spoofing@amazon.com.)
- Monitor your purchases. This is another list to “check twice.” Hopefully, you are reviewing your credit card and bank statements throughout the year. During the holidays, it is even more important to be vigilant so you can catch any suspicious activity on your accounts.
- Avoid use of cookies: Cookies are typically stored in your computer’s Internet browser by default. The purpose of cookies is to store settings and information for web pages that you have accessed. Turn off cookies in the settings of the web browser and apps that you use for shopping.
- Use Secure payment methods: Only shop on sites that take secure payment methods, such as credit cards, as they likely give you buyer protection just in case there’s a dispute.
Watch out for fake shopping Apps
- Thieves are trying to steal your credit card and identity with fake shopping apps. Be sure you are downloading the legitimate app by getting it from the company’s official website or, if downloading from an app store directly, check to see it’s been around for a few years and has high ratings from many users. Never be the first to download a new shopping app.
- If you are interacting with brands on social media, make sure they are “verified,” with the little blue checkmark by their profile, which means the company is legit.