NEW YORK (MainStreet) -- Mobile banking users may not know this, but 40% of mobile banking application developers "aren't taking the right precautions" to protect end users from fraud and data breaches, according to a recent study by IBM.
That's not all. The same study states that only 6% of total mobile app development is spent on security.
"That's why one of my biggest concerns for mobile banking is the lack of security on the back-end of a mobile banking app," says Andrew von Ramin Mapp, chief executive officer of Data Analyzers, a data =0recovery and computer forensics firm. "As more mobile banking apps come out, you may want to resist the urge to download one on your phone. The less apps on your mobile phone, the less of a chance of a 'man in the middle' hacker accessing communications and information, especially sensitive banking information."
Some banking experts say the most realistic solutions for banks and for mobile users, are not to eliminate fraud - that's not going to happen - but limit it. "There will always be fraud," says Robert Siciliano, an identity theft specialist at BestCompanys.com. "With an increase in mobile banking, there will be in increase in fraud simply, because there are known exploits that fraud artists exploit more often like malware and check cashing fraud."
Even so, mobile banking is still relatively safer than other forms of digital banking. "The low hanging fruit is still personal computers," Siciliano adds. "There are hundreds of thousands of viruses targeting mobiles, specifically Androids, but millions of viruses targeting personal computers. And, as the scams and scammers get more prolific, so will the fraud. But mobile is inherently more secure than PCs, or less ubiquitous, or less vulnerable, in regards to traditional online banking."
A big reason why mobile and online banking are so vulnerable to data hacks and fraud is because of the highly impersonal nature of digital financial technologies. "All computerized banking is just an overlay on the old security paradigm, which is face-to-face dealing with a bank employee," notes E. William Horne, founder of William Warren Consulting. "It's fairly hard to fake knowing someone and harder to forge a signature in the presence of an experienced teller, so the traditional method was 'secure' for practical purposes."
Further poisoning the well is there has never been any meaningful standard of identity verification in online transactions, Horne adds. "The technology to do it is already proven and in place, but banks are making too much money to care, by firing their old front-line security team like the teller at the local bank and substituting ATMs, online access, and telephone response trees, all of which are set up to assume that the person using them is, ipso facto, the account holder."
Horne envisions a catastrophic loss when several mega-banks are hacked at the same time, and billions of dollars stolen. "Only then will meaningful security for online transactions will be implemented," he adds.
If there's any good news for mobile banking users, it's that many data thieves don't deem mobile banking accounts worthy of their time, largely because there is bigger money to be made elsewhere. "Mobile payments today are actually safer than many think, primarily because the big dollar hacks are against entire databases," says Jason Chaikin, president of Vkansee, a fingerprint technology development firm. "Individual user accounts don't have much appeal at this point because most of us aren't worth the penetration attempt. But at the same time, as our mobile lifestyles continues to drive new conveniences - like shopping on your phone and securely paying with stored payment credit and debit cards - it makes sense to tighten up any weaknesses now before it's too late."
It's also helpful for mobile banking users to be realistic. "People should know that criminals are running a business," says Ricardo Villadiego, CEO of Easy Solutions, a banking security services firm. "Data thieves need to stay relevant and are investing a lot of money and effort in building cybercrime platforms for mobile environments, which will only increase."
"Smart bankers will see mobile as another, more powerful transactional channel where fraud protection - in layers - make the most sense," he added.