Mobile banking: are the FCA's security fears well-founded?

The UK's Financial Conduct Authority is reviewing security in the mobile banking sector amid fears that mobile banking and payments are developing too fast for security systems to keep up. Concerns that ease and convenience comes at the cost of security may be well founded, writes Ellie Chambers.

The UK’s Financial Conduct Authority is reviewing security in the mobile banking sector amid fears that mobile banking and payments are developing too fast for security systems to keep up. Concerns that ease and convenience comes at the cost of security may be well founded, writes Ellie Chambers

Many of us are now used to being able to log into our bank accounts with a few taps at our smartphones, but perhaps this security review by the FCA should give us pause for thought. As technology speeds ahead, it might be worth asking whether security is keeping up with innovations in online and mobile banking, and whether we’ve allowed ourselves to be so swept up by our desire for the quick and easy that we simply don’t care.

I remember when I first set up mobile banking on my phone I was disconcerted by how easy it was. ‘Shouldn’t this be a little more difficult?’ I thought, as I sailed through the security checks. I couldn’t help thinking that if it was so easy for me to log on, that could mean it would be easy for fraudsters too.

Now I think nothing of moving money about on my phone, but recent security scares have made me sympathise with FCA’s fears. McAfee warned only last week that banking malware is being used to attack Android phones and steal login details. In South Korea, fraudsters have even developed a piece of malware that masquerades as a legitimate banking app while actually harvesting your security details. Some of these apps persuade you to delete the genuine app by displaying error messages. As someone who regards deleting and re-downloading an app as the equivalent of turning-it-on-and-off-again, I can easily see myself being taken in by this malware.

The malware threat is only part of the problem. Attacks on customers through mobile banking are nothing new. Last October, NatWest was forced to suspend its ‘GetCash’ app when fraudsters mounted a phishing attack. Last summer, RBS’s mobile network crashed, costing the bank £175m and in the US, Bank of America’s online and mobile phone banking service went down on February 1, causing panic amongst customers.

Some apps don’t even require a customer to enter security details. To use Barclays PingIt, you only need to enter your phone number before ‘pinging’ money all over the place. In an age when there is such an emphasis on always being contactable, mobile phone numbers aren’t exactly closely guarded secrets. In addition, as many phones store their own numbers, what’s to stop anyone who finds or steals your phone ‘pinging’ themselves some money from your account?

Lastly, I’d like to mention FCA’s fear that, as the BBC put it, customers might ‘be using mobile banking late at night, which could affect their concentration when moving funds’. It seems there’s a new addition to the list of modern technologies that don’t mix well with ‘late nights’. Following close on the heels of ‘don’t drink and Tweet’ comes that new classic adage…’don’t drink and bank’.