More than 40% of European consumers use mobile banking on their smartphones.

While apps such as mobile banking and payments have helped simplify personal finance management, they also require a user’s personal information. Most banking apps have software that verifies a user’s identity when they log in, often using financial companies like Payfone to verify the mobile being used. However, not all apps have up-to-date security features, leaving mobile phones vulnerable to hackers.

Outsmarting the competition

Fraudsters use scams to gain control of mobile phones, access information or impersonate a victim. Common scams that allow fraudsters to login or circumvent banking apps include:

1. SIM swap fraud
   Hackers gather information on potential victims through phishing schemes. Using this data, they call mobile operators and change their SIM, taking control of a victim’s mobile accounts
2. One-time PINs
   Banks have begun sending texts or e-mails requesting code verification for large or unusual purchases. Fraudsters capitalise on this practice by using the “I forgot my password” prompt, then calling a victim’s phone. They ask the victim to repeat the one-time code over the phone to verify the account, granting themselves access to passwords and financials
3. In-store pickups
   When a fraudster acquires banking app logins they will often make online purchases. To reduce these scams, retailers have increased security around purchases being sent to a new billing address. Fraudsters will instead use in-store pickups, bypassing security
4. Cardless ATM transactions
   Today, banks are experimenting with a mobile feature that allows customers to remove cash from ATM machines without their debit card. Fraudsters use this feature to initiate a cardless transaction from a hacked phone, allowing them to withdraw up to $3,000

The counter-measures

There are simple steps consumers can take to counter these hacks:

• Create a PIN on a wireless carrier account
  When hackers call a mobile carrier they will not be able to make important changes without inputting the PIN, adding an extra layer of security
• Add increased security measures to apps
  Mobile banking apps allow features such as Touch ID or additional passcodes. Adding biometrics can stop fraudsters accessing a victim’s phone
• Be aware that banks will never call unannounced
  Banks do not send PIN numbers and then call to ask for verification, or call customers without first making an appointment

While consumers increasingly expect convenience from their smartphones, new technology is leaving doors open for fraudsters to steal money. Mobile operators should work with anti-fraud organisations to identify scams in-progress, reducing harm to consumers.

For more information on how fraudsters access mobile phones, click here.