Triskele Labs Blog

Exploring mobile banking security threats and prevention methods

Written by Nick Morgan | Oct 6, 2021 6:54:06 PM

Until a few years ago, off-site banking was only preferred by tech-savvy customers who were dealing with advanced technology in their daily lives. For other people, regular on-site banking was the preferred method of carrying out transactions.

With the increased accessibility of the internet, however, off-site banking solutions have exploded in popularity. Mobile banking, in particular, has become a preferred method for many people—with the introduction of the smartphone being a driving force.

Today, sensing the positive reception from their customers, all major banks across the world offer mobile banking services.

That said, as we know in the cyber world, any technology that becomes popular is bound to attract some unwanted threat actors—these days, even unpopular tech is being targeted increasingly—and mobile banking is no different.

In recent years, we’ve seen a significant increase in cyber attacks targeting mobile banking applications—in the USA, banks and customers lost $40 million due to mobile banking attacks in 2020, and that has made mobile banking cybersecurity a talking point in the industry.

In this post, we dive deeper into the causes of mobile banking cyber vulnerabilities and the measures banks and customers can take to negate these threats.

The cause of mobile banking cybersecurity threats

Before we dive into the cause of mobile banking cyber attacks, let’s look at some of the common types of cyber attacks targeted at mobile banking applications.

  • Trojan attacks
  • Deep attacks
  • Keyloggers and screen loggers
  • Accessibility framework attacks
  • Overlay attacks

A deeper look at the point of entry/point of initiation for the cyber attacks mentioned above reveals that banks and customers are equally at fault when it comes to mobile banking security issues.

  • Bank-side security vulnerabilities

A recent study of mobile banking applications at 14 major banks uncovered security frailties in both client-side and server-side applications. The study revealed that none of the applications tested had an acceptable level of security for financial use.

54% of all mobile banking security issues were found on the server side. Security gaps on the servers allow cybercriminals to infiltrate the networks and steal sensitive information such as user credentials and credit card information.

On client-side applications, cybercriminals can access the source code of the applications by simply downloading them and decompiling them with advanced decompilation software; this allows them to initiate deep attacks such as code injection and repackaging.

  • User-side vulnerabilities

Accidentally installing malware applications on the phone is the biggest user-side vulnerability with regard to mobile banking applications. These malware applications include trojan viruses—in 2020, trojan attacks increased by over 15%—and keylogging or screen logging applications.

How to handle mobile banking cyber threats?

  • Intensive testing

Banks can prevent vulnerabilities in their banking applications by conducting thorough mobile application testing, allowing them to identify potential vulnerabilities that could open up a pathway for cybercriminals to access the base code.

  • Code obfuscation

Lack of code obfuscation is a major pitfall of mobile banking applications. Obfuscating the source code of the application ensures damage limitation even if cybercriminals can infiltrate client or server-side applications.

  • Implementation of multi-factor authentication (MFA)

While this may seem like a simple solution when compared to sophisticated cyber attacks, MFA is an effective security measure to prevent unauthorised access to mobile banking applications. By making MFA mandatory, banks can ensure security across all of their digital banking applications.

  • Avoid installing unknown apps

Users of mobile banking applications may not have the expertise to implement sophisticated security protocols, but they can improve security by avoiding installing unwanted applications from the Play Store or App Store—Android users, in particular, should refrain from sideloading unknown applications from outside the Play Store.
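
An added example, not part of the original post: a defender-side device audit that ties the sideloading advice above to the accessibility framework attacks listed earlier. It parses the output of `adb shell pm list packages -3 -i` and `adb shell settings get secure enabled_accessibility_services` and lists third-party apps that were not installed by the Play Store, ranking those that also hold an enabled accessibility service first. Both samples, all package names and the trusted-installer set are constructed assumptions.

```python
import re

# Installers treated as trusted stores (assumption; set this per fleet policy).
TRUSTED_INSTALLERS = {"com.android.vending"}  # Google Play Store
LINE_RE = re.compile(r"^package:(?P<pkg>\S+)\s+installer=(?P<installer>\S+)$")

# Constructed sample of `adb shell pm list packages -3 -i` (third-party apps only).
SAMPLE_PACKAGES = """\
package:com.examplebank.mobile  installer=com.android.vending
package:com.example.flashlight  installer=null
package:com.example.pdfviewer  installer=com.google.android.packageinstaller
package:com.example.notes  installer=com.android.vending
"""
# Constructed sample of `adb shell settings get secure enabled_accessibility_services`.
SAMPLE_A11Y = "com.example.flashlight/.HelperService:com.example.notes/com.example.notes.ReaderService"

def parse_installers(pm_output):
    """Map package name -> installer name (None when the device reports 'null')."""
    installers = {}
    for line in pm_output.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            installers[m["pkg"]] = None if m["installer"] == "null" else m["installer"]
    return installers

def parse_accessibility_packages(setting_value):
    """Return the packages that own an enabled accessibility service."""
    value = setting_value.strip()
    if not value or value == "null":
        return set()
    return {component.split("/", 1)[0] for component in value.split(":") if component}

def audit(pm_output, a11y_value):
    """Return (package, installer, has_accessibility) per sideloaded app, riskiest first."""
    a11y = parse_accessibility_packages(a11y_value)
    findings = [(pkg, inst, pkg in a11y)
                for pkg, inst in parse_installers(pm_output).items()
                if inst not in TRUSTED_INSTALLERS]
    return sorted(findings, key=lambda f: (not f[2], f[0]))

if __name__ == "__main__":
    for pkg, inst, has_a11y in audit(SAMPLE_PACKAGES, SAMPLE_A11Y):
        flag = "HIGH: accessibility service enabled" if has_a11y else "review"
        print(f"{pkg}\tinstaller={inst}\t{flag}")
```

An app from the Play Store that holds an accessibility service (`com.example.notes` in the sample) is not reported here, because the audit only covers apps from untrusted installers.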

Ensuring the security of mobile banking applications is a priority

As mobile banking applications have become more popular, so have attacks against them. Today, users and banks lose millions of dollars every year as a result of these attacks.

Ensuring the security of mobile banking applications is, therefore, a top priority for banks and users.