41st Parameter, the global leader in device recognition and online fraud prevention, has partnered with BAI and Aite Group to provide financial industry risk managers with information and insights on the emerging threats of mobile fraud. Ori Eisen, founder and chief innovation officer at 41st Parameter, and Julie Conroy McNelley, research director at Aite Group, present their thoughts on the risks and opportunities as banking goes mobile, available as a complimentary program to BAI Members and to a broader audience as an on-demand webinar.
According to research from Aite Group, 88% of global risk executives see mobile as the next area of exposure for the financial industry. That isn't slowing consumer demand for more and deeper mobile banking capabilities, nor is it dampening banks' desire to give customers what they want. The challenge is striking the right balance between convenience and security.
"Mobile has placed incredible power in the palms of users' hands," said McNelley. "Many industries - including banking - are trying to put this power to good use. Unfortunately, there are others interested in using the promise and potential of mobile to their own nefarious ends. As more, higher risk transaction volume flows through the mobile channel, it is becoming an increasingly attractive target for cybercriminals. Today, as in the past, the threats will be mitigated through a combination of technology, creativity and smart thinking."
"People view their mobile devices differently than a computer," said Eisen. "They expect everything about them to be casual and instantaneous which is driving demand for 'fly through' authentication. Making transactions easy will drive volume and as volume increases so will the threat of fraud. It's a vicious cycle that the industry needs to prepare for and prevent."
Risk managers need to become acquainted with all of the ways fraud can be perpetrated using mobile devices both through the web and through apps. The mobile web exposes banks - and their customers - to the threats inherent in any browser session. These threats are complicated by the fact that mobile devices are harder to authenticate due to their inability to store cookies or other identifiers. Apps create an entirely new set of threats that need to be addressed: rogue remote deposit capture, man-in-the-app attacks, look-alike apps used for phishing and the challenge of deploying security patches.
Eisen addresses these threats in the webinar and recommends risk managers consider the following to combat these emerging dangers:
- Authentication strategies for customers' mobile devices
- Implementation of an effective mobile security update / maintenance programme
- Planning for interdependent risks of mobile apps and the mobile web
- Whether existing back-end risk management processes can be integrated with new multi-modal front-end interfaces
- HTML5 as a potential platform for mobile banking services
