Human fallibility is now one of the biggest threats that banks and financial institutions must manage in mobile financial services (MFS), according to a new report from the Risk Mitigation Workgroup of global industry association Mobey Forum, released today.
The Risk Review: Mobey Forum’s Guide to Risk Management in Mobile Financial Services contends that, in addition to device and software vulnerabilities, banks must pay particularly close attention to the high risks associated with the criminal targeting of end-users, through social engineering and phishing, for example, together with fraudulent impersonation of customers during the enrollment and installation of new apps and services.
Ron van Wezel, Senior Analyst at Aite Group and Co-Chair of the Risk Mitigation Workgroup at Mobey Forum, stated: “Today’s banks and financial institutions need to develop applications for multiple operating systems and many flavours of mobile device, so it can be easy for them to be distracted by the vulnerabilities of the technologies themselves. If they are to implement proper risk mitigation measures, however, it is vitally important that they also acquire specialist knowledge of the user-oriented threats which are now commonplace in mobile fraud. Our report offers a framework for banks to consult when conducting their own risk analyses.”
“Threats to the mobile device must not be considered in isolation,” adds Philippe Roy, IT Security Specialist at Danske Bank and Co-Chair of the Risk Mitigation Workgroup at Mobey Forum. “The smart phone is only the ‘user facing component’ of a much wider ecosystem of app stores, services and content providers. This interconnectivity exposes both the mobile device and its applications to increased risks, all of which must be carefully considered by banks before they launch new services.”
“Maintaining the delicate balance between user convenience and security is a fine line for banks to walk,” adds Sirpa Nordlund, Executive Director, Mobey Forum. “To succeed, banks must take a holistic view of risk; one that considers the weaknesses in both the technologies and their customers’ behaviour. As adoption rates increase, device-oriented financial services will diversify, making the risk landscape more convoluted and difficult for banks to navigate. We intend to produce content that will help banks and financial institutions maintain robust security in the digital age and, most importantly, mitigate risk, both for themselves and their customers.”