Banking fraud: the biggest dangers may come from apps

Abi Lab research shows a significant drop in online banking fraud. At the same time, however, alarm is growing over mobile banking.

Good but not great. That’s what you’d think when you flip through the pages of the report prepared by the technicians of Abi Lab (a consortium for research and innovation of the Italian Banking Association) on the situation of computer fraud against Italian banks and their customers.

While fraud has dropped significantly overall, the growing popularity of mobile banking apps is causing more than a few concerns. Security experts from the University of Genoa point out that the apps that let us check our bank accounts and perform transactions directly from our smartphones have very serious flaws and bugs. These could allow hackers and cyber criminals to get into banking systems and steal money and sensitive information from customers' online accounts. This has not yet happened, but no one rules out that it could in the future.

The data of the Abi Lab report

2016 was a good year as far as computer banking fraud is concerned. The data from the Abi Lab survey, presented during the “Banks and Security” event, show a situation that is much better than in the past. Anomalous transactions dropped by more than 30 percentage points compared to 2015 (34.4% to be precise), while private users involved in computer fraud were 1 in every 50 thousand (on the corporate side, however, fraud affected 1 company in every 17 thousand).

The report also highlights the different strategies that hackers employ in attacking users or credit institutions. Users are targeted with social engineering techniques and phishing attacks, while banks are hit by the spread of malware and viruses of all kinds. To protect users, Abi's IT experts stress, there are home banking apps, which provide an additional level of security. Thanks to these apps, customers can activate strong authentication mechanisms such as passwords to access their personal banking profile and authorize banking transactions.

The weak points of mobile banking

As the saying goes, however, all that glitters is not gold. Research by the University of Genoa, conducted on 20 applications from 20 banks, has revealed several vulnerabilities, some of them serious, that could allow an attacker to break into customers’ bank accounts and empty them in a matter of seconds. Moreover, in some cases, the apps do not implement cryptographic protocols and certificates: this means that information is transmitted online in the clear and could be intercepted and read by anyone.