Author: Clayton Locke
Protecting financial customers from online fraud
Cybercrime is on the increase. Figures show that in 2007, £3m was stolen from UK bank branches directly. However, Dr Ross Anderson from Cambridge University reported in his 2012 paper, ‘Measuring the cost of cybercrime’, that online card fraud led to over £135m being stolen from UK banks in 2010. In fact, over 40 times more is taken from banks online than in high-street thefts, and consequently UK banks are spending about £450m per year protecting consumers from online fraud, writes Clayton Locke.
Cybercrime has become big business and, with existing security evolving to meet growing demand, criminals are seeking weaknesses in newer technologies as an easier route to fraud. As the new kid on the block, mobile seems the logical next item on the agenda for these hackers.
With this backdrop in place, it seems unsurprising that a survey from analytics company FICO showed that 72% of mobile users believe that mobile banking is not secure. This is partly the result of a knowledge gap between consumer perception and the realities of mobile banking technology, because many mobile financial services (FS) apps actually provide bank-grade security and can be just as secure as online channels. However, with cybercrime on the rise, the population is right to express concern, and the industry needs to respond accordingly.
So what does this mean for the banking industry? For digital services to develop properly, banks need to face up to the fact that cybercriminals will target those institutions with the weakest security.
Consumer confidence is tuned into cybercrime, and as such it makes sense for banks to invest in the strongest defences they can muster for mobile and online banking. The reputational risk arising from weak security in mobile and online banking is huge – this risk must be mitigated through strong and continuously evolving counter-measures.
In turn, consumers need to be educated that mobile banking is very secure if you are using the right software. It’s essential that formal industry bodies recognise the importance of this, and create a set of guidelines for financial institutions and consumers to follow which makes the technology more transparent. Organisations such as the Open Web Application Security Project (OWASP) are already dedicated to enhancing the security of software, but mobile app security is not yet an area of special interest. In 2013, groups like this need to help the digital banking industry develop clear mobile banking data security standards, similar to the payments standard PCI DSS.
With cybercrime on the increase, there is a danger that it will stunt the growth of mobile FS – a technology which can provide true convenience and value to the consumer as smartphone use increases. Whilst mobile banking apps are still relatively new, it is essential that industry bodies support the creation of a set of security standards, which can give the consumer peace of mind that the technology is absolutely safe.