Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Risk

3/23/2010
03:43 PM
Dark Reading
Dark Reading
Products and Releases
50%
50%

Credit Union Offers Mobile Banking Security Tips

Mobile banking is essentially safe, but fraud is on the rise, so consumers need to be aware

San Jose, CA (March 23, 2010) - The widespread use of mobile banking means more convenience for consumers and offers better ways to monitor account activity. Unfortunately, it also means there are more opportunities for consumer fraud, says Technology Credit Union, a Silicon Valley credit union that has served the financial needs of high tech professionals for 50 years and is an industry leader in online and mobile banking technology.

Credit unions and banks across the country employ multiple forms of identification authentication, log-in procedures and encrypted communications to make sure cyber criminals can't access confidential banking information while consumers are using a mobile banking application. However, the biggest threat to mobile security isn't the technology; it's the fact that many consumers are ignorant of the many fraudulent applications that exist online and on mobile platforms.

"Fraudsters know that the key to their success lies in the consumer," said Victor Smilgys, Tech CU's AVP of eCommerce and a mobile banking security expert, "so they are being very crafty in their approach to making the consumer believe an app is harmless and, in some cases, disguising it as a security safeguard. Better education is the key to minimizing these risks."

Though no specific data exists on the prevalence of mobile banking fraud, The Internet Crime Complaint Center (IC3), a partnership between the FBI and the National White Collar Crime Center (NW3C), says that cyber-crime complaints in general have increased significantly over the past year. The IC3 has received 22.3 percent more complaints in 2009 than in 2008 for a total loss of $559.7 million (up from $265 million in 2008) all linked to online fraud.

Consumers can significantly minimize the risk of fraud and help protect their identity while using mobile banking services by following these common-sense tips offered by Technology Credit Union.

TECH CU'S CONSUMER TIPS FOR MOBILE BANKING SECURITY

-Password-protect your mobile device and lock your device when it's not in use. Keep your mobile device in a safe location.

-Frequently delete text messages from your financial institution on your mobile device, especially if they contain sensitive information.

-Never disclose personal information about your accounts via a text message, i.e. account numbers, passwords, or any combination of information that can be used to steal your identity.

-If you change your mobile number or lose your mobile phone, immediately contact your financial institution to change the details of your mobile banking profile.

-Do not hack or modify your device, as this will leave it susceptible to infection from a virus or Trojan.

-When possible, install mobile security software on your device (if it's available). Some mobile security solutions include: AhnLab Mobile Security, avast! PDA Edition, Kaspersky Mobile Security, and Norton Smartphone Security.

-Be aware that malware exists and fraudulent applications will continue to pop up. Don't download applications onto your phone without checking them out first. Verify the legitimacy of an application with your financial institution before downloading it to your smartphone - verify that the app publisher or seller is your financial institution, or if possible, go through your financial institution's web site to download the application.

-Report any banking application that appears to be malicious to your financial institution right away.

-Monitor your financial records and accounts on a regular basis and consider having electronic alerts on account activity sent to your email or mobile device. Regularly review your statements with online banking. This will enable you to spot any suspicious activity

If you have been a victim of identity theft, contact your financial institution immediately. You should also place a fraud alert on your credit report and continue to review your credit reports, close the accounts that you know (or believe) have been tampered with or opened fraudulently, and file a complaint with the Federal Trade Commission (FTC). Go to www.ftccomplaintassistant.gov for more information.

Finally, Smilgys points out that using mobile banking can actually help deter some fraud because it gives a person an easy way to check their account on a regular basis and notify their credit union or bank more quickly if they see suspicious activity.

ABOUT TECHNOLOGY CREDIT UNION Technology Credit Union is a full-service financial institution serving and high tech professionals and their families who work, live or study in Santa Clara, Alameda, Contra Costa, Santa Cruz, San Mateo and San Francisco counties. First established in 1960, Tech CU is now among the top 1 percent of the nation's largest credit unions. It is recognized as one of the best managed and strongest financial institutions in the country, as indicated by Tech CU's 5-star rating from Bauer Financial, the nation's largest independent rating service for banks and credit unions. With more than 77,000 members, over $1.3 billion in assets and 10 full-service branches around the Bay Area, Tech CU is a leader in the credit union industry. For more information, visit www.TechCU.com.

CONTACT INFORMATION: Tawnya Lancaster Public Relations Phone: 408-205-1618 [email protected]

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
Commentary
How SolarWinds Busted Up Our Assumptions About Code Signing
Dr. Jethro Beekman, Technical Director,  3/3/2021
News
'ObliqueRAT' Now Hides Behind Images on Compromised Websites
Jai Vijayan, Contributing Writer,  3/2/2021
News
Attackers Turn Struggling Software Projects Into Trojan Horses
Robert Lemos, Contributing Writer,  2/26/2021
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Current Issue
2021 Top Enterprise IT Trends
We've identified the key trends that are poised to impact the IT landscape in 2021. Find out why they're important and how they will affect you today!
Flash Poll
How Enterprises are Developing Secure Applications
How Enterprises are Developing Secure Applications
Recent breaches of third-party apps are driving many organizations to think harder about the security of their off-the-shelf software as they continue to move left in secure software development practices.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2020-5148
PUBLISHED: 2021-03-05
SonicWall SSO-agent default configuration uses NetAPI to probe the associated IP's in the network, this client probing method allows a potential attacker to capture the password hash of the privileged user and potentially forces the SSO Agent to authenticate allowing an attacker to bypass firewall a...
CVE-2020-36255
PUBLISHED: 2021-03-05
An issue was discovered in IdentityModel (aka ScottBrady.IdentityModel) before 1.3.0. The Branca implementation allows an attacker to modify and forge authentication tokens.
CVE-2019-18351
PUBLISHED: 2021-03-05
An issue was discovered in channels/chan_sip.c in Sangoma Asterisk through 13.29.1, through 16.6.1, and through 17.0.0; and Certified Asterisk through 13.21-cert4. A SIP request can be sent to Asterisk that can change a SIP peer's IP address. A REGISTER does not need to occur, and calls can be hijac...
CVE-2021-27963
PUBLISHED: 2021-03-05
SonLogger before 6.4.1 is affected by user creation with any user permissions profile (e.g., SuperAdmin). An anonymous user can send a POST request to /User/saveUser without any authentication or session header.
CVE-2021-27964
PUBLISHED: 2021-03-05
SonLogger before 6.4.1 is affected by Unauthenticated Arbitrary File Upload. An attacker can send a POST request to /Config/SaveUploadedHotspotLogoFile without any authentication or session header. There is no check for the file extension or content of the uploaded file.