Friend or foe: Fraud and your phone


By TJ Horan, leader of Fico’s fraud solutions business unit

Smartphones are some of our closest companions; we use them to order taxis, to track our health, to check the weather each morning, and increasingly to bank. Over a third (38%) of the UK population have already embraced mobile banking services, and this level of adoption is set to continue rapidly in the coming years, with mobile banking expected to reach 1.8 billion people globally by 2019, up from 0.8 billion in 2014 [Juniper Research 2015].

But when it comes to fraud, are these close companions our friends? People who have chosen to opt out of mobile banking highlight security and data confidentiality as their major concerns. These are, of course, high priorities for any financial institution with a mobile strategy. In fact, banks are stepping up their use of mobile phones to reinforce security.

Tracking location

One effective use of smartphones in fraud prevention uses them to track a customer’s location. If you allow your banking app to access your geographical position, your bank can improve the precision of its fraud detection. If your bank can check your location based on your smartphone’s GPS, the fraud team can check whether the transaction happened in the same place as you. Think about it; when are you not near your phone?

Say for example you try to withdraw money when you are abroad. This may flag as a fraudulent transaction and could lead your bank to automatically block your card. If your phone is in the same location as the transaction, then a mobile proximity service can prompt an SMS from your bank querying the transaction rather than instantly blocking your card. This not only saves you time and hassle, but allows banks to focus resources on truly fraudulent activity, all thanks to how close we are to our smartphones.

Protective layers

Like many things, strong security involves a trade-off; in order for a bank account to be secure, it needs layers of protection that take time to move through but that keep your hard-earned cash as safe as possible.

Many banks have implemented multi-factor authentication routines to try and prevent fraudsters from hacking into bank accounts and re-directing payments to themselves. To make this layer of security as convenient as possible, the random, one-time passcode generated is sent via SMS to a customer’s phone whenever a new payee is created, so the customer can check and approve any account activity immediately.

Unfortunately, criminals adapt to crack new layers of protection. In recent months, scheming fraudsters have begun violating multi-factor authentications by directly contacting a victim’s mobile service provider and impersonating the genuine consumer to obtain a new SIM card. The new SIM card is then placed into a device controlled by the scammer, allowing them to intercept any communications to that consumer’s mobile phone, including the one-time passcode from the victim’s bank. In other words, crooks are using our phones against us.

Luckily, true friendship isn’t broken that easily. Thanks to SIM swap detection technology, banks can determine if the SIM card in a customer’s phone has changed since the last authentic transaction. If SIM swap is detected, this is reported back to the bank, which can hold payment until a customer’s identity and authorisation can be properly validated. FICO and ValidSoft have been working with banks across the UK to implement this technology. One high-street bank has detected 100% of all fraudulent SIM swaps, keeping customers’ accounts, and their phones, absolutely safe.

Safe services

As mobile banking grows, banks will continue to implement the latest technologies to keep their customers’ savings safe. However, no matter how safe a mobile service may be, there are still ways for determined fraudsters to catch people out. Here are some of my top tips for keeping your trusty mobile as secure as possible so your bank accounts stay protected:

  • Make sure the banking app you download is the genuine app for your bank and that you always update it when prompted to ensure you have the latest version available with as few bugs and glitches as possible.
  • Never share your account details over SMS; if anyone ever asks you to do this, phone your bank immediately (this is different from confirming that a transaction is genuine, which your bank may well do).
  • Ask your bank whether they offer account alert technology so they can contact you instantly if fraudulent activity is linked to your account.
  • Update your address and contact information for every card you have so you can be reached if there is ever a critical situation that requires your immediate attention.
  • Allow your banking app to access your location so your bank can use this information to provide better fraud protection.

Like any relationship, our friendship with our smartphones is a two-way street. We need to protect them, so that they can protect us. Together, we are stronger in the fight against fraud.

Fico is an analytics software company, helping businesses in 90-plus countries make better decisions that drive higher levels of growth, profitability and customer satisfaction. 


About Author

Comments are closed.