In late 2015, mobile banking users in Singapore lost thousands of dollars after falling victim to malicious software (malware) targeting Android phones. In the incident, cyber criminals gained access to users’ banking credentials and subsequently used the credentials to make fraudulent financial transactions.
The incident is one of many taking place amidst the increasing popularity of mobile banking. While banking applications offer convenience, there are also security risks with potentially severe consequences. These risks include malware, corrupt applications and flawed authentication. Attackers are constantly on the lookout for vulnerabilities to exploit in the transactional process (application download and access, performing a financial transaction, etc.) and the system (hardware, firmware, operating system, etc.). The consequences of a successful exploit of a security vulnerability can be severe, including stolen credentials, financial loss and even a loss of reputation.
Fortunately, security researchers and app developers are aware of such vulnerabilities and have implemented measures at the back-end to mitigate these risks. While banks are taking steps to ensure users have a safe and secure mobile banking experience, users have to do their part to protect their credentials against possible risks.
Below are 4 simple steps you can take:
1. Use only official mobile banking apps
Download the official versions of mobile banking apps from the authorised mobile app stores, Google Play (Android) and App Store (iOS), or from the bank’s official website.
Listed below are a few of the official mobile banking apps:
Standard Chartered: https://www.sc.com/sg/ways-to-bank/sc-mobile-app/
2. Use a separate device to obtain your One-Time Password (OTP)
The OTP is the second step of the two-factor authentication method used by banks to mitigate fraudulent transactions.
Wherever possible, set up a separate device to receive your OTP. This further protects your online transactions as the OTP will be received on a device that only you can access.
Furthermore, if your preferred device has been compromised, receiving your OTP on a separate device would prevent attackers from obtaining your OTP and completing a transaction on your behalf.
3. Use only secured Wi-Fi networks when performing transactions
Avoid using unsecured Wi-Fi networks when performing mobile and online banking or other financial transactions. Cyber attackers can capture information passing through unsecured Wi-Fi networks, including your bank credentials.
4. Set up bank transaction notification alerts
By setting up email or SMS notification alerts for your transactions, you can monitor your transactions for any suspicious activity on your bank accounts.