Fraud follows mobile banking adoption

Digital disruption in retail banking

Rapid adoption of digital banking channels, especially mobile, is forcing banks to rethink customer experience and processes. Driven by lower requirements for account creation, lower cost of banking, and ease of use of mobile banking solutions, customers who have traditionally been excluded from the banking system and customers who are coming of age for banking are adopting mobile banking over traditional banking channels like ATMs or branch tellers.

According to a 2015 survey by the US Federal Reserve Board that asks consumers how they use their mobile phones to interact with financial institutions, make payments, and manage their personal finances:

• In 2015, 67% of millennials used mobile banking
• 40% of the unbanked had access to a smartphone
• 70% of the underbanked were smartphone owners

Accelerated adoption of mobile banking by millennials, the underbanked and the unbanked is even more obvious in emerging markets which (a) have more underbanked and unbanked consumers and (b) are leapfrogging desktop internet to move directly to mobile internet. According to an April 2015 ING International Survey, Turkey had the highest percentage of internet users who use digital banking (65%) among states surveyed.

Fraud and Security Concerns

While mobile banking seems like the obvious future of banking because of lower costs, increased convenience and access to a wider user base, security and fraud concerns hinder further adoption. In fact, 73% of non-users of mobile banking in the US Federal Reserve Board Survey cited security concerns as a common reason for not using mobile banking. A 2016 IBM Mobile Security & Business Transformation study found 58% of security experts at financial institutions ranked security concerns as a top risk indicator inhibiting full deployment of mobile services.

Based on our research, banks and mobile banking app developers should be aware of the most prominent fraud risks including:

1. Mobile Malware and Phishing: While malware specifically targeting mobile devices is an increasing menace, consumer awareness of mobile malware is still lagging. In addition to the traditional desktop malware, threats like suspicious links in email or search results can compromise mobile users’ identity in new ways. Users can download malicious apps that access personal information or alter phone functionality. Users can also be targeted for phishing attacks via text messaging.

2. Stolen Credentials: Fraudsters can steal sensitive information from mobile devices, including login credentials, device details, and payment information. This information can then be used to create new financial accounts or apply for loans or credit lines.

3. Business Logic Flaws: Fraudsters try different variations of the application flow to find ways to cheat the application logic and find loopholes ultimately with the intention of committing fraud. These attacks are very difficult to detect because the user follows a particular logic through the app that requires creative thinking not anticipated by app developers.

Fraud prevention is often an afterthought when launching new digital channels for customers. Ensuring your mobile banking app has adequate fraud prevention built-in is of paramount importance tobmaintaining the trust and safety of your users.

Fraud and security solutions

Fraud detection vendors have built technology specifically designed to combat fraud in mobile banking and it can be leveraged to regain the trust of consumers. If used correctly, there are actually many aspects of mobile banking that can make it more secure than traditional banking.

1. Device Fingerprinting: Device fingerprinting on mobile apps can derive information about a user that can more accurately confirm their identity without them manually entering any personal information, simply by using the unique set of signals obtained from their device.

2. Machine Learning: Machine Learning algorithms can provide banks with insights about transactions and user behavior that were almost impossible to decipher with a manual analysis of data using rule-based systems.

3. Behavioral & Biometric Feeds - Advanced signals like behavioral feeds as well as input from biometric sources provide a new dimension of data that can be integrated into the fraud detection solution. Doing this increases the precision of catching fraudulent transactions

4. Graph Analysis: Graph analysis allows banks to link users, transactions, and devices via entities like addresses, phone numbers, IP addresses, and social profiles. This allows for analysts and data scientists to easily identify complex fraud patterns and relationships without scrolling through hundreds of lines in a spreadsheet.

Not only can these techniques reduce fraud, but they go a step further and develop fraud-sensitive flows to reduce friction to good users. For example, while a traditional bank may require every user, whether trustworthy or not, to fill out the same form to apply for a new account, a mobile banking app leveraging device fingerprinting and behavioural biometrics can confirm trusted devices and send them through a zero friction process while requiring extra verification from non-trusted devices. This reduced friction will make the mobile banking experience much more enjoyable for trusted users.

About Rahul Pangam

Rahul Pangam is currently the Co-Founder and CEO of Simility, a fraud detection analytics company in Silicon Valley. Prior to this he founded and grew some of the biggest anti-fraud teams at Google.

About Simility

Similitys Fraud Detection Solution has transformed the anti-fraud industry with a versatile platform that combines the best of human analysis and machine learning. We help your company reduce fraud and abuse while fostering trust and safety. Simility has a global set of customers and processes billions of transactions per year.

For similar stories, please check out our Web Fraud Prevention and Online Authentication Market Guide 2016/2017 here to get access to an insightful outline of the global digital identity and web fraud ecosystem.