With virtually every bank in the UAE now offering mobile banking services, managing your bank account has never been easier. Whether you want to pay your bills, transfer money or check your balance, mobile banking apps in the UAE now offer a seamless solution. But are there any risks to using these apps? Many security experts believe there is a greater risk of compromising your personal data and bank account information when using an app as compared to online banking through a website.
As more and more customers have begun to use mobile apps, hackers and thieves are starting to dedicate more efforts to targeting people through these channels. While there have not been any major reported incidents of mobile banking fraud in the UAE, learning more about the risks involved will help you avoid them as the bad guys turn their attention to the region.
Careful when using unsecured networks
You have probably heard this before, never use a public or unsecured Wi-Fi network to access your bank account online. This includes airports, coffee shops, malls or the metro. However, this is even truer if you are using a banking app over an unsecured wireless network. While data encryption and security is very well developed for websites, mobile apps do not provide foolproof data encryption. This means there is an increased vulnerability of valuable information being intercepted compared to online banking websites.
Quality of reception matters
If you are using a data package from Etisalat or Du, odds are sometimes you experience a slower data connection when trying to get online through your smartphone. The speed of the data network depends on whether you are accessing an EDGE, 3G or 4G network. In addition to speed, the level of data encryption varies between each technology. 3G and 4G networks use more secure encryption algorithms, so accessing a mobile banking app is safer on more recent data network standards.
In addition, if you are experiencing poor reception and are trying to conduct a banking transaction, there is an increased chance that an unauthorized party could intercept sensitive data.
Password protection for your smartphone
Mobile banking apps make it easy to access your bank account at the click of a button to do anything from paying off a credit card or loan to sending a wire transfer. While this makes life easier, it also means that anyone with access to your phone can use these mobile apps as well. If you do not password protect your phone and you lose it, anyone can pick it up and log into your banking app. Some studies estimate that up to 40% of smartphone users do not use password protection on their phones.
As a second level of protection, it is recommended that you do not use the ‘auto-save password’ feature for your mobile banking app. To do this, simply select ‘no’ when your phone asks you if you would like it to remember your username and password when you are logging into the app. This way, even if someone were able to get past the lock screen on your mobile device, they would still need to know your online banking username and password to use the app.
This is a relatively new but rapidly growing issue. While we haven’t heard of any cases in the UAE yet, app store fraud is starting to increase. In 2013, global software security company McAfee identified ‘banking malware’ as the most popular threat among mobile software channels. There are several ways criminals can conduct mobile app fraud.
The first one is pretty basic, and we must admit quite creative. A few years ago, a mobile app developer in the United States created fake apps for approximately 40 banks. The aim was not to steal bank account information; rather the fraudster was charging USD 1.50 (approximately five Dirhams) per download. So before downloading a mobile banking app, check the source to confirm it is actually being provided by a UAE bank. It is very unusual for banks in the UAE to charge for an app download, so if it is not free, consider that an immediate red flag. Admittedly, Android smartphone users are at a higher risk of app fraud since there are many different app stores with varying verification standards. On the other hand, Apple’s App Store performs rigorous due diligence on every app before it publishes it.
The majority of UAE banks use a two-step authentication method that includes logging in to the mobile app, then using SMS messages to authenticate transactions. More sophisticated app fraud involve malicious software being unknowingly installed on your smartphone, then using SMS-forwarding malware to simulate these authentication text messages from the bank. This allows the thief to get all the necessary information to conduct transactions from your bank account.