M-banking: Acknowledged Data Thefts
- For the first time, the Federal Deposit Insurance Corporation (FDIC) acknowledges that US banking customers have already been robed of their transaction details when making wireless operations. The second edition of its quarterly document, entitled Supervisory Insights, includes a section dealing with “data transaction security”, in which it is stated that "incidents have occurred where banking credentials were stolen from an unsecure WLAN."
- As these wireless local networks are hardly ever secure, the represent a threat for mobile operations: neither the customer nor the bank can assess their security level or legitimacy.
- Mobile terminals generally try to connect to the most perceptible signal. They proceed with authenticating themselves to the cell towers through sending their unique SIM details. This procedure is however not reciprocal and fake cell towers are sometimes used by fraudsters to lure the devices, bypass sessions and even to compromise m-banking sessions
- Mobile banking is a major trend and several players now propose these services (see Products and Technologies section as well as previous Insights): the FDIC reminds that about 19 million US households have already been convinced by these kinds of offers (Online Banking Report, n°. 188, January 2011). As use cases increase, these services could have been adopted by 38 million households by 2015.
- Nevertheless, these indications are highly disquieting and may fuel the feeling of insecurity already present in the customers’ minds. According to a study conducted by NQ Mobile and the National Cyber Security Alliance (NCSA), 81% of Smartphone users are now preoccupied by the notion of mobile security even if, despite these fears, many do not implement the necessary measures to protect their mobile communications (see previous Insights).
- The security of their personal details stored on the terminals lies at the heart of their preoccupations: 78% of those surveyed fear that their mobile terminal might be stolen and the data appropriated by fraudsters, while 67% are worried about the security of their banking identifiers.
- As far as geolocation data is concerned, only 50% of those interrogated say they know how to configure these features. 95% believe they are tracked by at least one entity when their mobile phone is switched on.
- Finally, 58% explain they don’t even know if they actually need tools to protect their mobile devices.