Until recently, mobile banking fraud was restricted by limited mobile banking capabilities and customer adoption. Santa Clara, Calif.-based software security firm McAfee, an Intel company, found 83 million online malware threats in its 2012 first-quarter Threats Report, compared to only 8,000 mobile malware threats. But rising mobile adoption and growing demand for more mobile banking services not only presents opportunities for banks, it also creates more targets for fraudsters.
"Malware has proliferated online; it's still in its infancy in mobile," says Keith Gordon, SVP of security and fraud and enrollments executive for the online and mobile channels for Charlotte, N.C.-based Bank of America. According to Gordon, however, it's inevitable that fraudsters will follow customers to mobile. "Once the fraudsters find an opportunity in mobile," he says, "they will find a way to exploit it."
An Evolving Arsenal
On the bright side, Gordon notes, he is excited about the array of new security measures that the mobile channel offers to combat fraud, such as geolocation and biometric authentication. But all of these new security tools present another challenge: Banks risk turning off customers to their mobile offerings if they add too many inconvenient security barriers to keep out the bad guys.
[Don't Be Afraid of Mobile Banking Apps]
"I'd love to put tons of layers of security in place, but that would be too intrusive," Gordon remarks. "Customers don't like to be unduly challenged, but they want a little bit of a challenge to know we're there."
Addressing the challenge of balancing security with the customer experience is at the core of Bank of America's ($2.18 trillion in total assets) mobile strategy, adds Gordon, who says a lot of thought has to go into what won't turn off customers. He reports that the bank has had success with mobile alerts that notify customers when the bank detects suspicious activity. And he notes that customers are becoming more comfortable with allowing mobile apps to track their location, an ability that banks can use to detect fraudulent behavior by, for instance, verifying that a customer's mobile phone is in the same location as a debit card transaction.
Bank of America also uses some transparent security methods that customers don't even see, according to Gordon. "We have a lot of capability that customers don't even know is there to make transactions secure," he says. "They are right underneath the covers; the customer doesn't see them, but we know it's you."
An Inconvenient Truth
While most experts agree that it's only a matter of time before fraudsters target mobile, the issue of just how much convenience customers will be willing to sacrifice for security is much less clear. "How will consumers react when fraudsters start attacking [the mobile space]?" asks Shirley Inscoe, a senior analyst at Boston-based Aite Group. "Will consumers be willing to take that extra step to enter a PIN or password?"
Inscoe is pessimistic on the issue. She says banks have drawn customers to mobile by promising convenience, and convenience is what customers now expect. With so much focus on convenience, though, consumers rarely consider security when it comes to their mobile devices, Inscoe remarks. "People don't show their mobile devices respect; they don't treat it like a computer. They leave it at the restaurant," she says. "I'm not sure what needs to be done to reeducate the public. People aren't thinking about the mobile device as a powerful tool. It can give fraudsters entree into the entire banking relationship."
This is why it is key for banks to educate customers about mobile security, insists Brian Pearce, SVP and head of the retail mobile channel at Wells Fargo's Digital Channels Group in San Francisco. "We have a lot of good educational content [for customers] on interacting safely with your device," Pearce comments. Wells Fargo ($1.3 trillion in assets) features educational material on its homepage telling customers how to recognize and report scams.
Pearce is more optimistic than Inscoe about how much customers are willing to give up for security. "When customers think about social media apps, customer experience is paramount," he observes. "But with a banking app, customers really are looking for security. They want to know protection is in place."