Mobile Banking and Lurking Security Threats for 2022

ADDRESS: Belehradska 858/23, 120 00 Prague, Czech Republic
CONTACT: hello@wultra.com, www.wultra.com

We help the leading banks and fintech companies to secure their digital systems and bring trust to customer journeys.

Founded: 2014
References: 550+
Regions: 5

Mobile Security

Mobile Banking
Trusted Identity
Transaction Signing
Malware Protection
Obfuscation & Integrity Protection
Location Analysis
Secure Digital Onboarding
Behavioral Profiling
Secure Application Runtime (RASP)

Mobile Banking
COVID-19 pushed mobile banking forward as the primary digital banking channel.

5 Attack Types on Mobile Banking Users in 2022
Let's Get Started

Attack Type 1: Bazos Attack on 3DSecure

Attack Technique: Pretend to pay for goods while in fact stealing money and let the user confirm via push.

Prevention: Communicate clearly the direction of the payment: "Confirm the payment of $500 …" vs. "You are sending $500 …"

Attack Type 1
Fraudulent Buyer: Can I send you money to your credit card?
Legitimate Seller: Sure, here is my card number, validity date and CVC.

Attack Type 2: Mobile Malware on Google Play

Attack Technique: Pretend to be a legitimate app and later force the user to install banker malware.

Prevention: Integrate persistent malware protection in your mobile banking app, and let the user uninstall malicious apps as soon as possible.

Attack Type 2
January 27, 2022, Pradeo - https://blog.pradeo.com/vultur-malware-dropper-google-play

Attack Type 3: Multi-Account Gang Attacks

Attack Technique: Steal credentials of many victims, pair their accounts to mobile banking on your device.

Prevention: Fortify the process for (re)activation by adding personal ID scan and server-side face biometry. Detect multi-accounting attempts.

Attack Type 3
SMS OTP ➜ Personal ID Scan ➜ Face Biometry
Face Biometry: Face Recognition ➜ Liveness Check ➜ Genuine Presence Check
App screen "Personal ID": Please take a picture of your personal ID from both sides. Front Side / Back Side. Buttons: Continue, Back.
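
An added example, not part of the original slides: one way to detect the multi-accounting attempt named under Attack Type 3 is to flag any device that activates mobile banking for several distinct customers within a time window. The event fields, the threshold, the window and the sample events are all assumptions constructed for illustration.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Assumed policy: more than 2 distinct customers activated on one device
# within 7 days is treated as a multi-accounting attempt.
MAX_USERS_PER_DEVICE = 2
WINDOW = timedelta(days=7)

# Constructed activation events: (ISO timestamp, device fingerprint, customer id)
SAMPLE_EVENTS = [
    ("2022-02-01T09:00:00", "dev-aaa", "cust-001"),
    ("2022-02-01T09:05:00", "dev-aaa", "cust-001"),  # same customer re-activating
    ("2022-02-02T18:30:00", "dev-aaa", "cust-002"),  # shared family phone
    ("2022-02-03T10:00:00", "dev-bbb", "cust-100"),
    ("2022-02-03T10:20:00", "dev-bbb", "cust-101"),
    ("2022-02-03T10:45:00", "dev-bbb", "cust-102"),  # third distinct customer
    ("2022-02-03T11:10:00", "dev-bbb", "cust-103"),
    ("2022-03-01T08:00:00", "dev-ccc", "cust-200"),  # spread over many weeks,
    ("2022-03-20T08:00:00", "dev-ccc", "cust-201"),  # never more than one
    ("2022-04-10T08:00:00", "dev-ccc", "cust-202"),  # customer per 7 days
]


def detect_multi_accounting(events, max_users=MAX_USERS_PER_DEVICE, window=WINDOW):
    """Return {device: sorted customer ids} for every device that activated
    more than max_users distinct customers inside any sliding window."""
    by_device = defaultdict(list)
    for ts, device, customer in events:
        by_device[device].append((datetime.fromisoformat(ts), customer))

    flagged = {}
    for device, activations in by_device.items():
        activations.sort()  # the log may arrive out of order
        start = 0
        for end in range(len(activations)):
            # Shrink the window until it spans at most `window` of time.
            while activations[end][0] - activations[start][0] > window:
                start += 1
            # Repeated activations by one customer count once.
            customers = {c for _, c in activations[start:end + 1]}
            if len(customers) > max_users:
                flagged.setdefault(device, set()).update(customers)
    return {device: sorted(customers) for device, customers in flagged.items()}


if __name__ == "__main__":
    for device, customers in detect_multi_accounting(SAMPLE_EVENTS).items():
        print(f"ALERT {device}: {len(customers)} customers activated: {customers}")
```

A flagged device is a signal for review or for refusing further activations on that device; the threshold has to tolerate legitimately shared phones.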

Attack Type 4: Recovery Code Account Hijacking

Attack Technique: Hack the mobile banking (phishing) and only rewrite the recovery codes to use them later.

Prevention: Block recovery codes at your call center when the customer calls. Notify clients about use of the recovery codes. Fortify the activation process.

Attack Type 4
Fraudster: Let me save the recovery data and unpair the app.
Client: I don't see any issue with my account…

Attack Type 5: Repeated Push To Annoy Users

Attack Technique: Send repeated push approval requests to eventually wear down the customer.

Prevention: Implement throttling on login and approval attempts on a per-user / per-device basis. Consider adding a QR code to the flow.
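
An added example, not part of the original slides: a sliding-window throttle for push approval requests, keyed per user and per device, with a cool-down once a limit is hit or the customer denies a prompt. The class name, the limits and the reading of "device" as the client that initiated the login are assumptions made for illustration.

```python
from collections import defaultdict, deque
from dataclasses import dataclass, field


@dataclass
class PushApprovalThrottle:
    """Decides whether a push approval request may be sent.

    A push goes out only while both the user and the initiating device are
    under their limits. Hitting a limit starts a cool-down, so repeated
    prompts cannot be used to wear the customer down.
    All limits are illustrative assumptions, not values from the slides.
    """
    max_per_user: int = 3      # pushes allowed per user per window
    max_per_device: int = 3    # pushes allowed per initiating device per window
    window_s: int = 300        # sliding window length in seconds
    cooldown_s: int = 900      # block duration after a limit is hit
    _sent: dict = field(default_factory=lambda: defaultdict(deque))
    _blocked_until: dict = field(default_factory=dict)

    def _check(self, key, limit, now):
        """Return None if the key may send, otherwise the blocking reason."""
        if self._blocked_until.get(key, 0) > now:
            return "cooldown"
        sent = self._sent[key]
        while sent and sent[0] <= now - self.window_s:  # expire old pushes
            sent.popleft()
        if len(sent) >= limit:
            self._blocked_until[key] = now + self.cooldown_s
            return "rate_limited"
        return None

    def request_push(self, user_id, device_id, now):
        """Return (allowed, reason) for one login or approval attempt."""
        keys = ((("user", user_id), self.max_per_user),
                (("device", device_id), self.max_per_device))
        for key, limit in keys:
            reason = self._check(key, limit, now)
            if reason:
                return False, f"{key[0]}:{reason}"
        for key, _ in keys:  # count only pushes that are actually sent
            self._sent[key].append(now)
        return True, "sent"

    def on_user_decision(self, user_id, device_id, approved, now):
        """A denied prompt starts the cool-down for both the user and the device."""
        if not approved:
            for key in (("user", user_id), ("device", device_id)):
                self._blocked_until[key] = now + self.cooldown_s


def run_constructed_sample():
    """Constructed input: six login attempts for one user, 20 seconds apart."""
    throttle = PushApprovalThrottle()
    return [throttle.request_push("user-1", "dev-A", t) for t in range(0, 120, 20)]


if __name__ == "__main__":
    for decision in run_constructed_sample():
        print(decision)
```

In production the counters would live in a shared store so that every authentication node enforces the same limits.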

Key Takeaways

1. Kill SMS OTP: Use SMS as an additional security element and information channel, not as a sole possession factor in strong customer authentication.
2. Speak Clearly: Use clever copywriting. Whenever the status of strong customer authentication changes, inform your customers so that they have a chance to react and reclaim security.
3. Be Proactive: Do not rely on security measures by Apple and Google. Use active in-app protection connected to a threat intelligence service to detect problematic situations or malware.
4. Design Smart: Sometimes, a clever technology pick or a small adjustment of the process can improve the security significantly while having a minimal impact on user comfort.

Dumb design causes troubles

Thank You!

ADDRESS: Wultra s.r.o., Bělehradská 858/23, 120 00 Prague, Czech Republic
EMAIL: hello@wultra.com, sales@wultra.com