As Cybersecurity Awareness month comes to an end, Javelin encourages everyone to recognize the cyberrisks related to mobile devices.  Most people have a reasonable awareness of good security safeguards for their computer – use antimalware regularly, avoid dodgy websites, and don’t respond to that grammatically torturous email from a Nigerian prince – he probably doesn’t actually have your best interests at heart. There is still a long way to go in many areas, especially around password habits, but the trajectory is headed in the right direction. The same cannot be said for our smartphones and tablets. With mobile devices now ubiquitous, they are rapidly becoming the keys to their owner’s financial lives. From my smartphone, I can access all my online accounts (email, banking, and social networking, to name a few), make payments in stores and online, send money to friends, even open new banking accounts. More than that, for the security-conscious, smartphones act as additional safeguards against financial loss through one-time passwords and alerts. Despite pouring more and more value into their mobile devices, few take appropriate precautions to prevent compromise. Here are a few steps consumers should take to make sure that their smartphones and tablets stay firmly under their control.

  • Apply a screen lock: With so much personal information available on our mobile devices, it is unwise to leave them open for anyone to access. Unfortunately, only half of smartphone owners use even a rudimentary lock screen.  A simple password, pattern, or fingerprint lock creates a significant barrier to any miscreant who tries to access your data. Most mobile devices will allow you to set additional security features such as automatically wiping the phone after a number of incorrect password attempts.
  • Keep a clean device: Just like your computer, your mobile device is susceptible to malware. Keeping a clean phone requires many of the same habits as keeping a clean computer – avoid unsafe websites, do not open email attachments or links from unknown senders, and keep clear of applications from unknown publishers with few reviews. Additionally, many good antimalware solutions are available for mobile devices, to provide additional protection against compromise. Just four in ten smartphone owners use mobile antimalware software, leaving a lot of room for improvement.
  • Activate remote wipe capabilities: In the event that someone does steal your smartphone, remote wipe programs can make it impossible for them to access your information even if they know or guess your password. iPhone users have these features automatically built into their iCloud account and Android users should take advantage of Google’s Android Device Manager.

With so much room for improvement in consumer mobile security habits, what are necessary steps for financial institutions (FIs) and issuers looking to deliver products and services to consumers’ mobile devices?  As mobile threats grow more sophisticated by the day, FIs and issuers should be taking every opportunity to regularly educate consumers as to best practices.  They should also harden their applications against reverse engineering and implement stronger mobile authentication.  No one party can ensure that mobile devices are as safe and secure as they can be – it takes cooperation and shared responsibility. Over the coming months Javelin is going to focus heavily on securing mobile devices and the transactions they facilitate.  Join us as we explore ways to mitigate the mobile-oriented cybercrimes that affect consumers, businesses, and their financial service providers.

Author

About Al Pascual

An accomplished industry analyst, market researcher, and financial industry practitioner, Al Pascual is Javelin’s Research Director and Head of Fraud & Security. As Research Director, Al leads Javelin’s Advisory Services and Custom Research businesses. He oversees growth of these businesses while ensuring that Javelin’s research content meets quality standards and provides the innovative perspectives that clients expect from the firm.

As Head of Fraud & Security, Al provides clients actionable insights on a variety of fraud and security issues, acts as a partner in developing strategies for managing risk, and identifies and raises awareness of future threats and solutions. Al researches a range of topics, including the applicability of biometrics in banking and payments, the effect of data breaches on the integrity of consumer identities, the relationship between identity fraud and loyalty, and the best methods for securing payment data and transactions.

Al has presented findings from Javelin’s rigorous, industry-leading research at conferences around the world, including BAI, CARTES, Money20/20, NACHA, and RSA. Al has provided commentary on fraud and security issues to American Banker, Bloomberg, CNNMoney, Fox Business, Reuters, The New York Times, The Wall Street Journal, The Washington Post, and Wired.

Previously Al held risk management roles at HSBC, Goldman Sachs, and FIS. He is a member of the Association of Certified Fraud Examiners, the International Association of Financial Crimes Investigators, and the Federal Reserve Secure Payments Task Force. Al also serves on the board of advisers to the Information Security Media Group. He earned a Bachelor of Arts degree in History from the University of South Florida.

Stay in Touch!