Cyberthreat to Mobile Banking
Cash transactions are increasingly becoming a thing of the past. More and more people are interacting with their banks and bank accounts through their smartphones. While this is improving access, it is also presenting a challenge in the form of increasing cyberattack vulnerability.
How prevalent is mobile banking?
- According to 2020 Statista survey covering 5,000 households across 25 states,
- About 2/3rd of the respondents owned smartphones.
- Half of these people transact money digitally.
- Some 31% of the respondents had a banking app on their phones.
- Nearly 14% of the respondents used their mobile phones for banking purposes.
- These numbers spiked during the pandemic lockdowns as even more people switched to digital banking to overcome the scarcity in physical services.
- According to government data, digital transactions in India has increased to nearly 90% between FY19 and FY21. It is expected to account for 71.7% of overall payment volume by 2025 end.
- This acceptance was also fuelled by the convenience and the quickness offered by the mobile applications.
How significant is the threat to mobile banking?
- While digital banking accelerated banking services, it brought in a vulnerability too- the threat of cyberattacks on mobile phones.
- According to Kaspersky (the global cybersecurity firm), there is a threat of increase in cyberattacks on iOS and Android devices, especially in the Asia Pacific region, as more people are adopting digital banking.
- Mobile banking Trojans could steal money from the victim’s bank account via his/ her mobile phone. A Trojan is a malware that appears to be legitimate (like a legitimate app on Google Play) and lures users to install it. When installed, the malware takes control of the mobile phone.
- One such Trojan, called Anubis, has been targeting mobile phone users since 2017.
- It has hit users across the world- China, Colombia, Denmark, France, Germany, India, Russia, Turkey, USA and Vietnam.
- It continues to be one of the most common mobile banking Trojans.
- It not only infects devices via malicious apps that appear genuine, but also through smishing (phishing messages sent via SMS) and through the BianLian malware (another Trojan).
- Another notable Trojan that targets mobile banking users is the Roaming Mantis.
- It attacks Android devices. Now, the group is showing interest in iOS users too.
- It spreads the malicious code by hijacking DNS (domain name systems) via smishing.
- Between the start of 2021 and the 1st half of 2022, some half a million Roaming Mantis attacks were detected.
How is interoperability contributing to the mix?
- GPay, PaytM, PhonePe and other mobile payment platforms are benefiting from the increasing adoption of mobile banking. They have also changed the payments game to their advantage.
- However, these platforms operate in a closed-loop payment system i.e. a GPay user is able to send money to another account only via GPay platform. This is similar to how Mastercard and Visa operate i.e. allowing transaction only within their own network and not between networks.
- According to an Accenture report on 2022 banking trends, this business model could change as regulators are preferring platforms that are open and standardized, to lower barriers and enable entry.
- Some countries are already nudging payment platform providers to drop this business model.
- For instance, China has directed its internet companies to provide their rival companies’ links and payment services on their platform.
- In India, the new legislation demands that all mobile payment platforms be capable of providing interoperability among the wallets.
- This push towards interoperability from regulators comes at a time when the demand for technical experts in the banking industry is concerning high.
- The Accenture report noted that this shortage of technical experts in the banking sector hides a wider problem- that of the sector’s fading appeal as 1st choice employers.
What is the way ahead?
- While digital innovation has improved our access to banking services, it has also provided a lucrative avenue for cybercriminals, as seen from the sharp increase in the number of cyberattacks.
- As the value of digital payments in India is expected to reach $1 trillion by FY26, it is vital for fintech and financial institutions to improve the security of their networks and databases.
- Governments and the industry must combine efforts to identify vulnerabilities in the system and allocate budgets for infrastructure security and network vulnerability management.
- There is a need to fix the mismatch between the technical talent availability and the rise in cybersecurity threats.
- At company level, Zero Trust approach is a recommended strategy to prevent breaches.
- Many fintech firms are adopting AI and machine learning-based solutions to identify and prevent frauds.
- There is a need for extreme caution when using mobile phones to make payments. The usual digital hygiene practices like rebooting regularly, keeping the phone up to date and using phones for mobile banking only when connected to a secure VPN are imperative.
- While iOS is considered to be a more secure system, there is a need to note that cybercriminals are deploying increasingly sophisticated methods to hack into devices. Hence caution is required even when using the higher end devices. For instance, experts suggest turning on ‘Lockdown Mode’ in iOS 16 to limit the phone’s functionality and to protect it from malwares.
Conclusion:
Mobile banking has revolutionized how people access banking services and it is here to stay, especially as more and more people have access to smartphones and internet connections. The governments, for their part, are pushing for interoperability to further enable the uptake. However, it comes with a downside in the form of increased cybersecurity threats. There is a need to strengthen cybersecurity infrastructure, surveillance capabilities and solutions. On individual level, digital hygiene and cautious use of digital banking is the key.
Practice Question for Mains:
The adoption of mobile banking has spiked after the pandemic and is expected to see even more takers in the future. Discuss the cybersecurity threats faced in mobile banking and suggest some solutions. (250 words)
If you like this post, please share your feedback in the comments section below so that we will upload more posts like this.