Think twice before paying on mobile phones !

Several non-banking institutions have entered the market offering payment services and this has only boosted the consumer’s readiness to adopt digital payments; particularly, mobile payments. The following statistics easily paint a picture of the exponential growth of digital transactions in the country.

  1. Cashless payments in October 2016 increased 22% when compared to October 2015.
  2. Money transfers using mobile banking and IMPS (immediate payment system – money is transferred instantly using text messaging or online banking) showed the highest increase in over 12 months ending October 2016.
  3. Mobile banking transactions grew 175%, while money transacted using mobile banking grew 369% from October to October, according to an IndiaSpend analysis of Reserve Bank of India (RBI) data.
  4. IMPS transactions grew 116% while IMPS transfers grew 150% over 12 months ending October 2016.
  5. According to a new study by Google and BCG (Boston Consulting Group), digital payments industry in India will grow 10 times to touch $500 billion by 2020.
  6. The Google-BCG report also identified that the top three services for which Indian consumers prefer online payments to offline payments include online shopping, utility bill payments, and movie ticket purchases.
  7. Indian consumers are 90% as likely to use digital payments for both online and offline transactions.
  8. According to the Reserve Bank of India (RBI), the volume of mobile wallet transactions doubled during April 2015-February 2016 period to cross 55 crore.

If the above statistics were to be summed up in one sentence, it would easily be “Digital Payment Industry is booming.” The proliferation of mobile devices, mobile apps, and operating system, has boosted innovation in the mobile ecosystem and more so in mobile payments. And while innovation raises the bar for convenience, it brings along with it new risks, threats, and vulnerabilities – which, if not addressed, widen the mobile attack landscape. The wealth of information that is stored on and transmitted via mobile devices creates unmeasured opportunities for attackers to target user data (personal, confidential, and sensitive information) regardless of the motive.

According to chipset maker Qualcomm, digital wallets and mobile banking apps in India are not using hardware-level security which can make online transactions more secure. For most vendors of such apps, security rests as an afterthought. And this makes it even easier for attackers to target such apps – ultimately leaving the user’s bank account dry.

According to the Quarterly Threat Report (Q2 2017) by Quick Heal Security Labs, Android Banking Trojans grew 166% when compared to Q1 2017. These Trojans are designed to steal information about consumers who use online banking and payment systems. Such a massive increase is only a tell-tale sign of attackers taking advantage of the ever-growing popularity of digital payments – as clearly indicated by the statistics mentioned earlier in this post.

 

Other reports

  1. In July 2017, a mobile malware called BankBot compromised over 400 apps on the Google Play Store. An app that is infected by BankBot is capable of creating ‘fake’ Internet banking login screens and even credit/debit card entry screens. So, when a user enters their banking details in these screens, they are actually handing over the information to the attacker.
  2. An Android Banking Trojan called Svpeng was detected in July 2017 to have attained keylogging functionality (keylogger – malicious software that records what a user types on their keyboard). And this functionality allowed the Trojan to steal confidential information from other apps installed on the infected phone.

These are just a few of the many examples of advanced threats that are being increasingly developed by attackers to hunt down their victims. And to combat such threats, we need to secure our smartphones with a defense system that is not only proactive but multilayered too.

 

CC : QuickHeal

 

Leave a Reply

Your email address will not be published. Required fields are marked *