Banks must consider the weakness of their own consumers’ behaviours and avoid being distracted by technical vulnerabilities when it comes to improving the security of mobile banking and payments systems, a report by Mobey Forum says.
The global industry association for banks and financial institutions says “human fallibility is now one of the biggest risks” their members face when managing mobile financial services.
The group’s Risk Mitigation Workgroup (RMW) says banks must pay close attention to the high risks associated with criminal targeting of end-users, through “social engineering and phishing”, together with fraudulent impersonation of customers during the enrollment and installation of new apps and services.
In the first part of The Risk Review: Mobey Forum’s Guide to Risk Management in Mobile Financial Services, 12 categories of threats are identified and risk levels are assigned, based upon the likelihood of occurrence and anticipated impact.
The second part of the report, which is being developed, will provide guidance on mitigation measures and best practices to reduce the risks.
“Today’s banks and financial institutions need to develop applications for multiple operating systems and many flavours of mobile device, so it can be easy for them to be distracted by the vulnerabilities of the technologies themselves,” says Ron van Wezel, senior analyst at Aite Group and RMW co-chair.
“If they are to implement proper risk mitigation measures, however, it is vitally important that they also acquire specialist knowledge of the user-oriented threats which are now commonplace in mobile fraud.”
“To succeed, banks must take a holistic view of risk; one that considers the weaknesses in both the technologies and their customers’ behaviour,” adds Sirpa Nordlund, executive director of Mobey Forum.