By 2014, Aite Group estimates 44 million consumers will be using some form of mobile banking. And as more institutions roll out mobile banking and payments, more consumers will jump on the mobile bandwagon, making mobile banking an increasingly inviting target for fraudsters, McNelley says.
As a result, McNelley says in an interview, banks need to take steps now to protect their mobile channels in preparation for the explosive growth ahead. One crucial step, she says, involves monitoring cross-channel fraud patterns that link online and mobile banking. Another important step, she says, is to ensure developers anticipate potential risks before mobile services and platforms are launched.
Too many banks are waiting to see what kinds of threats develop before investing in technologies to mitigate mobile risks, McNelley says. "People are going to have to be more proactive; you can't be taking a wait-and-see approach."
Mobile Risks Grow
A 2011 Aite survey of 24 global financial executives found that 75 percent believe the mobile channel poses fraud and security risks, and 88 percent believe the mobile channel will be the next big point of financial services fraud exposure.
"We're already seeing Zeus and SpyEye Trojans in the mobile channel," McNelley says. "The opportunities for cross-channel fraud are interesting." Some attacks are aimed solely mobile. "We are seeing some attacks on Android that are recording entire voice conversations, which is pretty unique the mobile environment," she says.
The majority of top-tier U.S. banking institutions already offer some form of mobile banking for retail and commercial customers and members, McNelley says. And those that don't offer services for both sides of the business have announced plans to do so by the end of 2012.
As more platforms for mobile banking and payments are rolled out for business accounts, banks and credit unions can expect fraud linked to ACH payments to increase as well. "We'll see the same threats that are affecting the online environment affecting the mobile environment," McNelley says. "From that perspective, ACH fraud will be a concern."< p> At the RSA Conference 2012 in San Francisco, McNelley will lead a peer-to-peer discussion about fraud and mobile security risks. The session, Mobile Security in Financial Services, is slated for 9:30 a.m. March 1.
In an interview previewing her session, McNelley discusses:
- Successful fraud mitigation strategies that can be taken from online banking and applied to mobile;
- Regulatory guidance banks and credit unions can soon expect for mobile banking and payments; and
- Why cross-channel monitoring will be critical as more banking applications and platforms are rolled out.
At Aite Group, McNelley specializes in banking and payments fraud issues. She has more than a decade of product management experience, working with financial institutions, payments processors and risk management companies. She formerly served as senior vice president of product management with Golden Gateway Financial. Before joining Golden Gateway, she was vice president of product solutions with Early Warning Services, where she managed fraud prevention services. McNelley began her career as a research analyst at E*Offering, where she analyzed online financial services and risk-management firms.