Stamp out mobile banking fraud

May 2015 Integrated Solutions, Access Control & Identity Management

Financial services companies should look for solutions that allow them to control the entire mobile transaction lifecycle if they want to beat fraudsters that exploit mobile security gaps to defraud bank account holders.

Zane Renou, chief commercial officer at Cellfind.
Zane Renou, chief commercial officer at Cellfind.

That’s the word from Zane Renou, chief commercial officer at Cellfind, who says that banks should take a proactive approach to securing the vulnerabilities in SIM cards and devices that create opportunities for impostors to defraud customers.

“Internet and mobile banking fraud is on the increase as con artists take advantage of a range of systems and communication channels to pilfer account holders’ information and to access their bank accounts. SIM swapping is still perhaps one of the biggest threats, particularly because it lends itself to social engineering or dishonesty by employees in some cases.

“But other threats are also on the rise, for example, smartphone malware designed to steal customers’ log-in information; and spoofing attacks where hackers produce fake messages or transaction requests so that they can pretend to be someone else.”

Renou outlines the most common forms of mobile banking fraud and theft as follows:

• Eavesdropping: Criminals can eavesdrop on messages since most of these are not encrypted. From these messages, they learn valuable information for use in their intrusions and attacks.

• Smartphones: Because they’re essentially handheld computers, smartphones are vulnerable to malware. Once a hacker has gained control of a smartphone via malware, or by a stolen phone, he or she has access to the account holder’s banking channel.

• SIM swaps: Via identity theft or with the collusion of an employee working for a mobile operator or a service provider, the fraudster could obtain a new SIM card for a user’s cellphone number. This enables the fraudster to receive one-time PIN codes for online transactions or to use the customer’s mobile banking PIN. Of course, the fraudster will need to get the user’s banking details first, which is usually done through a phishing attack.

• Spoofing: Hackers can produce a false USSD request to masquerade as a user, while cross network roaming means that hackers can gain access to a network while masquerading as a user’s mobile phone roaming on another network. Once hackers gain access to the network, they can make and receive any type of communication on behalf of users. This includes voice, SMS and USSD.

• New methods of attack: A recent trend is to combine a SIM swap and network porting. This buys the hackers time as it takes longer to discover the crime and even longer to stop the service across two networks.

“We are extremely concerned about possible future fraud attacks from remote networks. This type of spoofing bypasses the manual processes involved in a SIM swap, so it can be automated.” Renou says. “The old ways of detecting fraud are constrained and only effective against a small number of attack strategies.

“The SIM is perhaps the biggest soft spot for criminals’ attacks on users’ bank accounts,” says Renou. “But there is technology available today, for example ValiPort, that addresses this vulnerability.”

These solutions secure mobile financial transactions by validating the authenticity of the originator, and that the handset and SIM card are who they say they are. Through a series of steps, the mobile banking solution can ensure that the risks surrounding spoofing and SIM swapping are effectively exposed and pro-actively managed.

For mobile-originated traffic, the origin of the request is verified when the session starts. This means that spoofs are no longer possible and compromised SIM swapping is a thing of the past. For mobile-terminating traffic such as a PIN number sent to a subscriber via SMS or USSD push, the destination is similarly verified before the SMS is delivered, effectively reducing the associated risks.

For more information contact mobilebanking@cellfind.co.za, www.cellfind.co.za





Share this article:
Share via emailShare via LinkedInPrint this page



Further reading:

Future trends for electronic safety and security in mining
Fang Fences & Guards Mining (Industry) Integrated Solutions AI & Data Analytics
The mining industry is ever evolving, driven by technological advancements and the growing need for enhanced safety and security measures, with significant innovation seen in turnkey electronic security for mining operations.

Read more...
Unlocking enhanced security for mining
Mining (Industry) Integrated Solutions
In the dynamic landscape of African mining, security remains of paramount concern as threats evolve and challenges persist, and mining companies seek innovative solutions to safeguard their operations, assets, and personnel.

Read more...
A constant armed struggle
Technews Publishing XtraVision Editor's Choice Integrated Solutions Mining (Industry) IoT & Automation
SMART Security Solutions asked a few people involved in servicing mines to join us for a virtual round table and give us their insights into mine security today. A podcast of the discussion will be released shortly-stay tuned.

Read more...
Access & identity expectations for 2024
Technews Publishing IDEMIA ZKTeco Gallagher Salto Systems Africa Regal Distributors SA Reditron Editor's Choice Access Control & Identity Management Information Security AI & Data Analytics
What does 2024 have in store for the access and identity industry? SMART Security Solutions asked several industry players for their brief thoughts on what they expect this year.

Read more...
Access and identity in 2024
Technews Publishing Gallagher HID Global IDEMIA Ideco Biometrics Enkulu Technologies neaMetrics Editor's Choice Access Control & Identity Management Integrated Solutions
SMART Security Solutions hosted a round table discussion with various players in the access and identity market, to find out what they experienced in the last year, as well as their expectations for 2024.

Read more...
The promise of mobile credentials
Technews Publishing Suprema neaMetrics HID Global Editor's Choice Access Control & Identity Management IoT & Automation
SMART Security Solutions examines the advantages and disadvantages of mobile credentials in a market dominated by cards and fobs, in which biometrics is viewed as a secure alternative.

Read more...
Prepare for cyber-physical attacks
Gallagher Information Security Access Control & Identity Management
As the security landscape continues to evolve, organisations must fortify their security solutions to embrace the changing needs of the security and technology industries. Nowhere is this more present than with regard to cybersecurity.

Read more...
Unleash the full potential of AI at the edge
Suprema AI & Data Analytics Access Control & Identity Management
Efficient AI algorithms, when embedded in edge access control devices, enable companies to optimise their use of AI and edge processing to deliver reliable and fast authentication.

Read more...
Advanced security solution for high-risk areas
Secutel Technologies Surveillance Integrated Solutions
The need for a sophisticated intrusion detection system is paramount when faced with persistent security challenges, particularly in isolated battery rooms or high-risk areas prone to vandalism, cable theft, and battery theft.

Read more...
Vumacam and NAVIC enhance SafeCity initiative
Integrated Solutions Risk Management & Resilience
Vumacam and NAVIC, two of South Africa's most respected surveillance technology and vehicle intelligence providers, are proud to announce an alliance that will greatly expand the coverage and impact of the SafeCity initiative across the country.

Read more...