More and more installing banks' mobile applications on their smartphones. Large banks are constantly working to improve and expand the functionality of their applications. Managing accounts and performing basic transactions from a smartphone is convenient and practical. But is it always safe? Let's figure it out.
Most fraudulent activities to steal money from bank customer accounts are social engineering. Fraudsters by any means try to deceive users of their personal data - access codes to the application and, as a result, to the bank account.
What are the dangers faced by users of mobile banking applications?
Unfortunately, customers themselves disclose personal information to fraudsters, click on suspicious links from SMS messages, or do not use increased protection (for example, biometric identification). The bank does not compensate for the loss of these funds, so you need to be careful.
Attackers fraudulently (threats, intimidation, saving your funds during a phone call) deceive personal data and access codes to the banking application.
Fraudsters use the following social engineering methods:
Fraudsters send links in SMS messages, after clicking on which a virus is installed on the victim's smartphone, which intercepts messages from the bank.
As a result of SIM-card "hijacking" (when the criminal informs the operator about the alleged loss of your SIM-card and restores it), the fraudster gains access to the banking application.
If your smartphone is lost or stolen, thieves can easily access your banking application if you do not use additional technologies (such as biometrics) to lock your mobile phone and enter mobile banking and perform transactions.
Most bank customers still do not understand why they need increased application protection. They do not set up biometric identification to confirm the payment, even if the bank and smartphone support this technology. Moreover, many Ukrainians do not put passwords or other protection methods on their phones, such as Face ID and Touch ID. But if the user's phone is in the hands of fraudsters, they will remotely reissue the SIM card with the number and will be able to receive the confirmation code sent by the bank. But faking a fingerprint or a face scan is almost impossible.
How banks improve the security of their applications on the example of FUIB
Let's take a look at the example of FUIB bank, how biometric identification works in the FUIB Online mobile application.
Now, in the FUIB Online application, biometric identification is used to confirm the payment. That is, only the owner of the phone will be able to confirm the payment on the Internet using a fingerprint or face scan.
Technology 3-D Secure 2.0: what has changed in application security?
To confirm the online payment, the client is sent a push message, which can be used to go to the FUIB Online mobile application. The app identifies the customer by scanning a fingerprint with Touch ID or facial recognition with Face ID. The customer then confirms the payment.
What does the customer identification process look like now?
It is worth noting that identification with biometrics is available only if both the smartphone and the acquiring bank through which the payment on the site passes, support 3D Secure 2.0 technology.
It is necessary to update the mobile application, after which the 3D Secure 2.0 technology will connect automatically. To start using it, you must:
How to set up biometric identification in the bank application
Configure the entrance to the FUIB Online mobile application via Touch ID / Face ID
Enable push messages.
Customers whose smartphones do not support Touch ID or Face ID will receive SMS messages to confirm online payments.
The bank's mobile application is a convenient way to manage your finances on your smartphone. For transactions to be safe, customers need to follow simple rules.
How to safely use the bank's mobile application: TOP expert advice
Use only official bank applications.
Use application security techniques such as biometric identification.
Do not tell anyone the password to enter the bank's mobile application.
Do not click on suspicious links from received SMS messages or e-mails, even if the message claims to be from a bank.
Set limits for basic transactions from your account, as well as open and close the possibility of Internet transactions, only for their implementation.
Remember: the bank does not call from the numbers indicated on its website in the contacts section, these numbers are only for your calls to the bank!
Be sure to lock your phone with a password or pin code, or better with a fingerprint or face scan (if your phone supports such functions).
You can also use the bank's insurance against card account fraud. For example, FUIB offers its clients the Fraud Protection service, which covers the most popular types of card account fraud. The peculiarity of insurance is that it also covers social engineering - i.e. cases when clients themselves share information with scammers that allows them to gain access to accounts. The insurance limit is 20 thousand hryvnia, and the cost of insurance is 200 hryvnia per year.
Mobile banking applications are becoming more and more popular among users. They give you the freedom and convenience to manage your finances anytime, anywhere. However, scammers also follow trends and very often aim to gain access to mobile banking. To ensure the safety of all financial transactions and the safety of funds, remember the basic rules for the safe use of mobile applications.
Most fraudulent activities to steal money from bank customer accounts are social engineering. Fraudsters by any means try to deceive users of their personal data - access codes to the application and, as a result, to the bank account.
What are the dangers faced by users of mobile banking applications?
Unfortunately, customers themselves disclose personal information to fraudsters, click on suspicious links from SMS messages, or do not use increased protection (for example, biometric identification). The bank does not compensate for the loss of these funds, so you need to be careful.
Attackers fraudulently (threats, intimidation, saving your funds during a phone call) deceive personal data and access codes to the banking application.
Fraudsters use the following social engineering methods:
Fraudsters send links in SMS messages, after clicking on which a virus is installed on the victim's smartphone, which intercepts messages from the bank.
As a result of SIM-card "hijacking" (when the criminal informs the operator about the alleged loss of your SIM-card and restores it), the fraudster gains access to the banking application.
If your smartphone is lost or stolen, thieves can easily access your banking application if you do not use additional technologies (such as biometrics) to lock your mobile phone and enter mobile banking and perform transactions.
Most bank customers still do not understand why they need increased application protection. They do not set up biometric identification to confirm the payment, even if the bank and smartphone support this technology. Moreover, many Ukrainians do not put passwords or other protection methods on their phones, such as Face ID and Touch ID. But if the user's phone is in the hands of fraudsters, they will remotely reissue the SIM card with the number and will be able to receive the confirmation code sent by the bank. But faking a fingerprint or a face scan is almost impossible.
How banks improve the security of their applications on the example of FUIB
Let's take a look at the example of FUIB bank, how biometric identification works in the FUIB Online mobile application.
Now, in the FUIB Online application, biometric identification is used to confirm the payment. That is, only the owner of the phone will be able to confirm the payment on the Internet using a fingerprint or face scan.
Technology 3-D Secure 2.0: what has changed in application security?
To confirm the online payment, the client is sent a push message, which can be used to go to the FUIB Online mobile application. The app identifies the customer by scanning a fingerprint with Touch ID or facial recognition with Face ID. The customer then confirms the payment.
What does the customer identification process look like now?
It is worth noting that identification with biometrics is available only if both the smartphone and the acquiring bank through which the payment on the site passes, support 3D Secure 2.0 technology.
It is necessary to update the mobile application, after which the 3D Secure 2.0 technology will connect automatically. To start using it, you must:
How to set up biometric identification in the bank application
Configure the entrance to the FUIB Online mobile application via Touch ID / Face ID
Enable push messages.
Customers whose smartphones do not support Touch ID or Face ID will receive SMS messages to confirm online payments.
The bank's mobile application is a convenient way to manage your finances on your smartphone. For transactions to be safe, customers need to follow simple rules.
How to safely use the bank's mobile application: TOP expert advice
Use only official bank applications.
Use application security techniques such as biometric identification.
Do not tell anyone the password to enter the bank's mobile application.
Do not click on suspicious links from received SMS messages or e-mails, even if the message claims to be from a bank.
Set limits for basic transactions from your account, as well as open and close the possibility of Internet transactions, only for their implementation.
Remember: the bank does not call from the numbers indicated on its website in the contacts section, these numbers are only for your calls to the bank!
Be sure to lock your phone with a password or pin code, or better with a fingerprint or face scan (if your phone supports such functions).
You can also use the bank's insurance against card account fraud. For example, FUIB offers its clients the Fraud Protection service, which covers the most popular types of card account fraud. The peculiarity of insurance is that it also covers social engineering - i.e. cases when clients themselves share information with scammers that allows them to gain access to accounts. The insurance limit is 20 thousand hryvnia, and the cost of insurance is 200 hryvnia per year.
Mobile banking applications are becoming more and more popular among users. They give you the freedom and convenience to manage your finances anytime, anywhere. However, scammers also follow trends and very often aim to gain access to mobile banking. To ensure the safety of all financial transactions and the safety of funds, remember the basic rules for the safe use of mobile applications.
