Friday, July 17, 2015

MOBILE APPS SPECIAL: MOBILE BANKING - How Safe Are MOBILE BANKING APPS?


Every year, millions of dollars are stolen from customers' bank accounts by hackers, or due to the carelessness of customers.
JPMorgan Chase systems were hacked and the names, addresses, phone numbers and e-mail addresses of 83 million account holders were reportedly exposed in one of the biggest data security breaches in history. Tesco's customers have faced a similar breach.
Even though banks in India haven't reported any significant breaches, their giant leap in the digital world to enhance customer experience exposes them and their customers to losses.

ILLEGITIMATE SOFTWARE, SONGS, MOVIES, PIRATED CONTENT
Downloading from unauthorised websites can be your undoing. 'Keybinder', a software technology, attaches malicious content to a file downloaded from unauthorised sites. Once Keybinder has lodged itself in your mobile, it can be used to access your mobile banking details.
Solution: Banks do not store information on mobile phones. All bank-related information, like debit card numbers or passwords, is transmitted from the mobile to the bank in an encrypted manner. Your bank uses an application to clear sensitive data on the mobile app.

MOBILE OPERATING SYSTEM
Running an old operating system is another gateway to mobile banking vulnerability. The new versions invariably include some type of security patch.
Solution: Most banks transmit information in encrypted form without storing any in the ecosystem. Banks monitor mobile apps 24x7 through tools, people and applications. There are applications like Appsec on iOS that monitor the mobile app. Banks use tools like DexGuard and EnsureIT to encrypt files, making it difficult for hackers to decode.

SMS VULNERABILITY
Spam messages are common these days, such as those offering you a cruise ride in exotic places. Click on these, and you end up downloading malware, giving hackers direct access to personal banking information.
Solution: Banks have put in place tools that monitor spam mails. Lifehacker and Google administrator are among the tools that can detect spam mails.

SETTINGS AND CONFIGURATIONS OF ALL OTHER APPS
When you click 'yes' to pop-ups while downloading apps on your mobile, you may end up allowing someone to access your mobile banking details in your app.
Solution: Banks use apps that provide a score on operating system security updates and malware detection. The application either makes the decision to close the mobile app or passes on the score to back-end systems over a secure channel for investigations.

USING WI-FI
Through the use of free public or shared Wi-Fi, you may unwittingly accept a malware application, which in turn will access information in your mobile.
Solution: Banks do not allow access to mobile banking if the request has come from a blacklisted IP address. Banks maintain a white list and a black list of IP addresses and domain names to prevent apps from talking to other domains not specified on the white list.

THE MOBILE BANKING APPLICATION ITSELF
An outdated mobile banking application invites malware to attack it, which is an easy way to access mobile banking application details.
Solution: Banks use filters to check for blacklisted application versions. If an app version is blacklisted, then the user will receive an error message and be asked to upgrade the app.

PHONE WITH NO LOCK
If it is lost, it is a paradise for hackers, who can easily access your personal banking details with the bare minimum of technology.
Solution: Banks do not allow access to mobile banking unless the request has come from an SMS and voice-enabled mobile phone number. The bank follows a standard request format that is relatively safe.

WEAK PASSWORD: PASSWORDS WITH ONLY LETTERS ARE EASY TO BREAK
Also, if you use the same password in all apps, your banking password can be obtained from other apps with the help of malware.
Solution: Mobile banking requires a six-digit password which is considered many times safer than using a four-digit password. The algorithm to hack a six-digit password is a lot more complex. Besides, the account gets locked after five attempts.

PRIVACY VIOLATION
Revealing confidential information like a one-time PIN, password, bank account number or even date of birth on apps like WhatsApp can also expose you to a mobile banking hacking threat.
Solution: The application removes data from the clipboard when the app operates in the background so it cannot be transferred outside the application.

 Saikat Das & Shilpy Sinha 

ET1JUL15