MOBILE BANKING - How Safe Are MOBILE BANKING APPS?
Every year, millions of dollars are stolen from customers' bank
accounts by hackers, or due to the carelessness of customers.
JPMorgan Chase systems were hacked and the names,
addresses, phone numbers and e-mail addresses of 83 million account holders
were reportedly exposed in one of the biggest data security breaches in
history. The same happened to Tesco's customers.
Even though banks in India haven't reported any
significant breaches, their giant leap in the digital world to enhance customer
experience exposes them and their customers to losses.
ILLEGITIMATE SOFTWARE, SONGS, MOVIES, PIRATED CONTENT
Downloading from unauthorised websites can be your undoing.
'Keybinder', a software technology, attaches malicious content to a file
downloaded from unauthorised sites. Once Keybinder has lodged itself in your
mobile, it can be used to access your mobile banking details.
Solution: Banks do not store information on mobile phones. All
bank-related information, like debit card numbers or passwords, is transmitted
from the mobile to the bank in an encrypted manner. Your bank uses an
application to clear sensitive data on the mobile app.
MOBILE OPERATING SYSTEM
Running an old operating system is another gateway to mobile
banking vulnerability. The new versions invariably include some type of
security patch.
Solution: Most banks transmit information in encrypted form
without storing any in the ecosystem. Banks monitor mobile apps 24x7 through
tools, people and applications. There are applications like Appsec on iOS that
monitor the mobile app. Banks use tools like DexGuard and EnsureIT to encrypt
files, making it difficult for hackers to decode them.
SMS VULNERABILITY
Spam messages are common these days, such as those offering you a
cruise ride in exotic places. Click on these, and you end up downloading
malware, giving hackers direct access to personal banking information.
Solution: Banks have put in place tools that monitor spam mails.
Lifehacker and Google administrator are among the tools that can detect spam
mails.
SETTINGS AND CONFIGURATIONS OF ALL OTHER APPS
When you click 'yes' to pop-ups while downloading apps on your
mobile, you may end up allowing someone to access your mobile banking details
in your app.
Solution: Banks use apps that provide a score on operating system
security updates and malware detection. The application either makes the
decision to close the mobile app or passes on the score to back-end systems
over a secure channel for investigations.
USING WI-FI
Through the use of free public or shared Wi-Fi, you may unwittingly
accept a malware application, which in turn will access information in your
mobile.
Solution: Banks do not allow access to mobile banking if the
request has come from a blacklisted IP address. Banks maintain a whitelist
and blacklist of IP addresses and domain names to prevent apps from talking to
other domains not specified on the whitelist.
THE MOBILE BANKING APPLICATION ITSELF
A mobile banking application that has not been updated invites malware
to attack your existing application, which is an easy way to access mobile
banking application details.
Solution: Banks use filters to check for blacklisted application
versions. If an app version is blacklisted, then the user will receive an error message and be asked to upgrade the app.
PHONE WITH NO LOCK
If an unlocked phone is lost, it is a paradise for hackers, who can easily access
your personal banking details with the bare minimum of technology.
Solution: Banks do not allow access to mobile banking unless the
request has come from an SMS and voice-enabled mobile phone number. The bank
follows a standard request format that is relatively safe.
WEAK PASSWORD: PASSWORDS WITH ONLY LETTERS ARE EASY TO BREAK
Also, if you use the same password in all apps, your banking
password can be obtained from other apps with the help of malware.
Solution: Mobile banking requires a six-digit password which is
considered many times safer than using a four-digit password. The algorithm to
hack a six-digit password is a lot more complex. Besides, the account gets
locked after five attempts.
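Added example (not from the original article or from any bank's code): the server-side checks described in the solutions above, a blacklisted source IP, a blacklisted app version, and a six-digit password with lockout after five failed attempts, combined in one login gate. The function names, the blocked network and the version strings are assumptions constructed for illustration.

```python
import hashlib
import hmac
import ipaddress
import os

# All values below are constructed for illustration.
BLOCKED_NETWORKS = [ipaddress.ip_network("203.0.113.0/24")]  # documentation range
BLOCKED_APP_VERSIONS = {"1.0.0", "1.0.1"}
MAX_FAILED_ATTEMPTS = 5  # the article: account locks after five attempts


def hash_pin(pin: str, salt: bytes) -> bytes:
    # Salted, slow hash: the server never stores the PIN itself.
    return hashlib.pbkdf2_hmac("sha256", pin.encode(), salt, 100_000)


class Account:
    def __init__(self, pin: str):
        self.salt = os.urandom(16)
        self.pin_hash = hash_pin(pin, self.salt)
        self.failed = 0  # consecutive failed attempts


def login(account: Account, pin: str, source_ip: str, app_version: str) -> str:
    """Return one of: ok, blocked_ip, upgrade_required, locked, bad_pin."""
    addr = ipaddress.ip_address(source_ip)
    if any(addr in net for net in BLOCKED_NETWORKS):
        return "blocked_ip"
    if app_version in BLOCKED_APP_VERSIONS:
        return "upgrade_required"  # client shows the error and asks for an upgrade
    if account.failed >= MAX_FAILED_ATTEMPTS:
        return "locked"  # checked before the PIN, so a locked account reveals nothing
    # Accept only exactly six ASCII digits, then compare hashes in constant time.
    valid_format = len(pin) == 6 and pin.isascii() and pin.isdigit()
    if valid_format and hmac.compare_digest(hash_pin(pin, account.salt), account.pin_hash):
        account.failed = 0
        return "ok"
    account.failed += 1
    return "locked" if account.failed >= MAX_FAILED_ATTEMPTS else "bad_pin"
```

With the lockout in place, a guesser gets at most five tries out of the 1,000,000 possible six-digit values before the account stops answering, which is where the extra two digits matter.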
PRIVACY VIOLATION
Revealing confidential information like a one-time PIN, password
or bank account or even date of birth on apps like WhatsApp can also expose you
to a mobile banking hacking threat.
Solution: The application removes data from the clipboard when the
app operates in the background so it cannot be transferred outside the
application.
Saikat Das & Shilpy Sinha
ET1JUL15