ADOTAS — The world is going mobile. According to data from the ThreatMetrix™ Global Trust Intelligence Network, more than 26 percent of the 500 million monthly transactions originate from mobile devices. When it comes to online banking, the percentage of transaction originating from mobile climbs even higher to 33 percent.
But while mobile optimization and the ability to forge anytime, anywhere connections have become increasingly important to consumers, many retail brands and financial services providers have come to a realization of their own: the mobile revolution is dramatically increasing cybersecurity risks.
Going forward, the push for mobile access and the demand for mobile-optimized transactions will only increase, underscoring the need for businesses across industries to develop strategies to inoculate themselves and their customers from common mobile security risks.
The Challenge of Mobile Security
Based on comScore data, mobile commerce sales are expected to surpass $25 billion by the end of 2013. When combined with the high volume of financial transactions on mobile devices, a sizeable share of all transactions count on security in the mobile space.
Unfortunately, there are many reasons why mobile isn’t as secure as most consumers, retailers and financial institutions think it is:
- Fewer security features. Mobile-based purchases and banking operations are often vulnerable because they don’t require users to perform the same security or fraud prevention measures as transactions that originate from desktop devices.
- Mobile browsers. Mobile browsers can present serious security risks because many browsers don’t offer the same scope and accuracy of information as desktops—information that is vital for the robust security measures banks and retailers rely on for cybersecurity.
- Mobile apps. Mobile apps are extremely useful for online shopping and web-based transactions. But in the race to provide consumers with the latest mobile applications, companies sometimes leverage alternate back-end processes that neglect or compromise security controls.
- Usability. In today’s marketplace, consumers and companies prioritize usability over security. For example, even though apps are “always on,” most mobile devices rely on a convenient 4-digit passcode rather than requiring users to enter a more sophisticated and secure password.
Mobile Security Threats
Not surprisingly, the vulnerability of mobile transactions has not gone unnoticed by cybercriminals. As large numbers of transactions have migrated to the mobile space, mobile-based fraud has risen exponentially, increasing the potential for unauthorized account access, data loss and other events that have a real-dollar impact on companies and consumers.
One mobile security threat on the rise is an increase in the volume of high risk and fraudulent transactions originating from devices that are pretending to be a mobile device. For hackers, the advantage of pretending to be a mobile device is simple – by simulating mobile access, fraudsters are immediately redirected to the company’s mobile-optimized website, which frequently contains different and less robust security features than the brand’s primary website.
Another serious threat occurs when sophisticated browsers like Opera or Amazon cache content within their servers. This makes the use of IP addresses less useful for identifying the originating device and flagging suspicious activity.
Lost or stolen mobile devices and unauthorized device usage is also an important concern for companies and consumers. In many cases, mobile consumers completely ignore the security routines they practice on their desktop or laptop devices, even though smartphones and tablets are proper computers.
How to Improve Mobile Security
The good news is that most mobile security threats and vulnerabilities can be remedied by following a few, common sense guidelines.
- Basic device security. As consumers, we all need to begin applying the same security processes to our mobile devices as we do to our laptops and desktops. This includes downloading and updating anti-virus/anti-malware solutions and not allowing untrusted people to use our devices.
- Prioritize security and usability. It’s critically important for companies to recognize that they don’t need to sacrifice usability for improved security. More than ever, security must receive the same priority and attention as usability when it comes to enabling access from mobile devices.
- Sophisticated device identification. To counter the threat of pretend mobile devices, companies need to implement more advanced device identification measures. Solutions that allow the company to customize rules based on tolerance levels can help to identify suspicious devices in real-time.
- Improved mobile apps. Mobile apps are useful tools for enabling mobile-based transactions. But speed-to-market for mobile apps should never be an excuse for compromising security or utilizing sub-par backend processes.
The use of mobile technology presents new opportunities for businesses and consumers alike. But with it comes new risks and challenges. By identifying mobile vulnerabilities and implementing a handful of common sense security practices, companies can mitigate these risks and create a more secure environment for customers.