June 20, 2013 by Kevin Christensen — Vice President, Audit, SHAZAM
This post continues our series on risk assessment for mobile banking apps.
Smartphone theft is a burgeoning crime, and one that is definitely not victimless. A few years back, stolen cell phones were an inconvenience — victims had to replace their phones and rekey in contacts.
Today, however, stolen smartphones equipped with banking and payment tools — not to mention hundreds of other apps that gather and store personal data — can be the lynchpin to a devastating identity theft incident.
Mobile threat #8: Vulnerable apps allow criminals access to info
In my last post, I discussed the importance of securing user passwords. Obviously, you, as the financial institution providing this window into the private financial lives of your customers, want to keep it closed to strangers. But sometimes, the criminals gain entry. And then what? How do you minimize the risk once fraudsters are inside looking around at your customer’s information?
To lessen the risk:
Be sure that no personal customer data is stored on the smartphone itself or displayed inside your mobile banking app. The information to protect is information that a legitimate user already knows (and does not need to see in the app) but that would be of great value to a criminal, such as the social security number (even the last four digits) or an associated card’s number and expiration date.
Another thing you can do is to be sure your app times out after even a brief period of inactivity. This prevents criminals from gaining access should your customer forget to log off before misplacing his or her phone or having it stolen.
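Both controls above are most reliable when the server enforces them rather than the app alone. The following is an added example, not code from SHAZAM or the original post: a server-side session store that revokes a session after an assumed idle limit of 120 seconds, and an allowlist filter that strips fields such as the SSN, card number and expiration date from account records before they are sent to the phone. The field names and the sample record are constructed for illustration.

```python
import time
from dataclasses import dataclass, field

INACTIVITY_LIMIT_SECONDS = 120  # assumed policy: sign out after 2 minutes idle

# Fields the mobile app is allowed to receive. Anything not listed (SSN,
# full card number, expiration date, ...) is dropped before the response
# leaves the server, so a stolen phone never holds it to cache or display.
# These names are constructed for the example.
ALLOWED_ACCOUNT_FIELDS = frozenset({"account_alias", "available_balance", "card_nickname"})


@dataclass
class Session:
    user_id: str
    last_activity: float = field(default_factory=time.time)


class SessionStore:
    def __init__(self, idle_limit: float = INACTIVITY_LIMIT_SECONDS, clock=time.time):
        self._sessions: dict[str, Session] = {}
        self._idle_limit = idle_limit
        self._clock = clock  # injectable so the timeout can be tested without sleeping

    def create(self, token: str, user_id: str) -> None:
        self._sessions[token] = Session(user_id, self._clock())

    def touch(self, token: str) -> bool:
        """Validate the session behind a request. Returns False (and revokes
        the session) if it has been idle longer than the limit; otherwise the
        idle timer is reset. Checking on the server means a client whose own
        timer was disabled or tampered with cannot keep the session alive."""
        session = self._sessions.get(token)
        if session is None:
            return False
        now = self._clock()
        if now - session.last_activity > self._idle_limit:
            del self._sessions[token]
            return False
        session.last_activity = now
        return True


def redact_for_mobile(record: dict) -> dict:
    """Deny-by-default filter: keep only allowlisted fields of an account record."""
    return {k: v for k, v in record.items() if k in ALLOWED_ACCOUNT_FIELDS}
```

An allowlist is preferable to a blocklist of sensitive field names because a new field added to the backend record is hidden from the app until someone deliberately exposes it.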
Next time, we’ll discuss the threat of inadequate contract terms between a financial institution and its mobile-banking customers.