BankThink

Pandemic's move to online payments comes with a potential fraud spike

The Coronavirus pandemic is pushing many consumers to shift their behavior and adopt digital processes for tasks they handled in person in the past.

Banking and financial services are no exception. While historically Americans' adoption of mobile payments has lagged behind other countries, the Centers for Disease Control and Prevention (CDC)'s recent recommendation that commercial establishments limit the handling of cash is creating a spike in consumers' use of mobile banking and mobile payments apps.

While financial institutions are encouraging customers to use their digital banking services rather than the branch or ATMs during the outbreak, attackers will also be looking to exploit this potential increased adoption of mobile banking and mobile payment apps. Now is an important time for financial institutions and payment app developers to evaluate their in-app security and adopt practices that go beyond penetration testing and other basic security practices.

First and foremost, financial institutions must ensure their mobile developers are up to date on the latest security best practices. In the rush to release new apps and features to market quickly, security can sometimes be overlooked. Traditional financial institutions and other fintech providers alike must ensure their developers have undergone secure coding training to understand how to recognize and address insecure coding practices. Automated security testing should also take place throughout the development cycle to catch security issues before they’re released to market.

High-value apps such as those used for banking and payments applications should incorporate client-side security measures, such as mobile application shielding. Mobile application shielding is especially important for securing apps that are running on insecure (i.e. jailbroken) or out-of-date mobile devices, as it enables mobile applications to protect themselves even in untrusted and hostile device environments. Even if a customer’s device becomes infected with malware, app shielding will detect it and prevent the malicious code from running.

Additional tools such as natively integrated multi-factor authentication and behavioral biometrics are also important for strengthening the security of mobile banking and payments apps, to help protect against threats such as account takeover.

With the recent news that the Treasury Department seeks to send checks to Americans as part of a stimulus package and while parts of the country go on lock-down over the coming weeks, consumers will increasingly turn to digital and mobile channels to conduct their banking, bill paying, purchasing and other financial transactions.

As a result, cybercriminals will likewise turn to the mobile channel as their primary target for attacks. Financial institutions, mobile payments providers and fintech apps of all types should aim to lock down the safety of their applications to protect their customers’ mobile accounts and sensitive data. With the proper security measures built-in, businesses and app developers can better defend their mobile apps during times of increased cyber risk.

For reprint and licensing requests for this article, click here.
Coronavirus Payment fraud E-Commerce Online payments Risk ISO and agent
MORE FROM AMERICAN BANKER