Fraud follows mobile banking adoption

Since 2011, the Federal Reserve Board has conducted an annual survey that asks consumers how they use their mobile phones to interact with financial institutions, make payments, and manage their personal finances.

Here are some of the key takeaways from the 2016 survey:

• In 2015, 67% of Millennials used mobile banking. This compares to 18% for those consumers aged 60 or over. And the usage gap is widening.
• 40% of the unbanked had access to a smartphone.
• 70% of the underbanked were smartphone owners.

Driven by lower requirements for account creation, lower cost of banking, and ease of use of mobile banking solutions, consumers who have traditionally been excluded from the banking system and consumers who are coming of age for banking solutions are adopting mobile banking rather than opting for traditional banking solutions like ATMs or branch tellers. The accelerated adoption of mobile banking by Millennials, the underbanked and the unbanked is even more obvious in developing markets which (a) have a lot more underbanked and unbanked consumers and which (b) are leapfrogging desktop Internet to move directly to mobile Internet.

While mobile banking seems like an obvious choice because of lower costs, increased convenience and access to a wider user base, security and fraud concerns hinder further adoption. In fact, 73% of non-users of mobile banking in the same survey cited security concerns as a common reason for not using mobile banking. An IBM study (2016 Mobile Security & Business Transformation study) found 58% of security experts at financial institutions ranked security concerns as a top risk indicator inhibiting full deployment of mobile services.

Mobile banking app developers should be aware of the most prominent fraud risks including:

1. Mobile Malware and Phishing: While malware specifically targeting mobile devices is an increasing menace, consumer awareness of mobile malware is still lagging. In addition to the traditional desktop malware threats like suspicious links in email or search results, mobile users can be compromised in new ways. Users can download malicious apps that access personal information or alter phone functionality. Users can also be targeted for phishing attacks via text messaging.
2. Stolen Credentials: Fraudsters can steal sensitive information including login credentials, device IDs, and payment information from mobile devices. This information could then be subsequently used to create new financial accounts or apply for loans or credit lines.
3. Business Logic Flaws: Fraudsters try different variations of the application flow, to find a way to cheat the application logic and find loopholes ultimately with the intention of committing fraud. Detection is difficult because the user follows a particular logic/flow through the app that requires creative out of the box thinking and is not anticipated.

Fraud prevention is often an afterthought when launching new apps. Ensuring your mobile banking app has adequate fraud prevention built-in is of paramount importance to maintaining the trust and safety of your users. In a subsequent blog post, we can take a look at basic steps you could take to ensure fraud protection for your app.