• United States




Fraud follows mobile banking adoption

Aug 25, 20163 mins
CybercrimeMobileMobile Apps

Fraud prevention in increasingly popular mobile banking apps is of paramount importance in maintaining the trust and safety of users

Since 2011, the Federal Reserve Board has conducted an annual survey that asks consumers how they use their mobile phones to interact with financial institutions, make payments, and manage their personal finances.

Here are some of the key takeaways from the 2016 survey:

  • In 2015, 67% of Millennials used mobile banking. This compares to 18% for those consumers aged 60 or over. And the usage gap is widening.
  • 40% of the unbanked had access to a smartphone.
  • 70% of the underbanked were smartphone owners.

Driven by lower requirements for account creation, lower cost of banking, and ease of use of mobile banking solutions, consumers who have traditionally been excluded from the banking system and consumers who are coming of age for banking solutions are adopting mobile banking rather than opting for traditional banking solutions like ATMs or branch tellers. The accelerated adoption of mobile banking by Millennials, the underbanked and the unbanked is even more obvious in developing markets which (a) have a lot more underbanked and unbanked consumers and which (b) are leapfrogging desktop Internet to move directly to mobile Internet.

While mobile banking seems like an obvious choice because of lower costs, increased convenience and access to a wider user base, security and fraud concerns hinder further adoption. In fact, 73% of non-users of mobile banking in the same survey cited security concerns as a common reason for not using mobile banking. An IBM study (2016 Mobile Security & Business Transformation study) found 58% of security experts at financial institutions ranked security concerns as a top risk indicator inhibiting full deployment of mobile services.

Mobile banking app developers should be aware of the most prominent fraud risks including:

  1. Mobile Malware and Phishing: While malware specifically targeting mobile devices is an increasing menace, consumer awareness of mobile malware is still lagging. In addition to the traditional desktop malware threats like suspicious links in email or search results, mobile users can be compromised in new ways. Users can download malicious apps that access personal information or alter phone functionality. Users can also be targeted for phishing attacks via text messaging.
  2. Stolen Credentials: Fraudsters can steal sensitive information including login credentials, device IDs, and payment information from mobile devices. This information could then be subsequently used to create new financial accounts or apply for loans or credit lines.
  3. Business Logic Flaws: Fraudsters try different variations of the application flow, to find a way to cheat the application logic and find loopholes ultimately with the intention of committing fraud. Detection is difficult because the user follows a particular logic/flow through the app that requires creative out of the box thinking and is not anticipated.

Fraud prevention is often an afterthought when launching new apps. Ensuring your mobile banking app has adequate fraud prevention built-in is of paramount importance to maintaining the trust and safety of your users. In a subsequent blog post, we can take a look at basic steps you could take to ensure fraud protection for your app.


Rahul Pangam is co-founder and CEO of fraud-detection startup Simility, which has $7.2 million in seed funding led by Accel Partners and Trinity Ventures and dual headquarters in Palo Alto, Calif., and Hyderabad, India.

Founded in 2014, Simility is already analyzing millions of transactions per week for customers on four continents as part of a limited beta release of its online fraud-detection platform.

Prior to Simility, Rahul was a director at Google, where he led a global team of 200 that reduced fraud in ads by 90 percent. He is a fraud-detection industry veteran, having spent more than six years at Google building teams responsible for fighting fraud and abuse in Google’s ads and its local and social products.

Prior to Google, Rahul was a lead engineer at General Electric, working on GE’s smart grid software products.

Rahul holds an MBA from the University of Michigan and M.S. in electrical engineering from Clemson University.

The opinions expressed in this blog are those of Rahul Pangam and do not necessarily represent those of IDG Communications Inc., or its parent, subsidiary or affiliated companies.