Security21.04.2013

Mobile malware and your money

Absa NFC

You might have anti-virus software on your computer, but have you considered protecting your smartphone or device? According to the international software house for antivirus security solutions, G Data Software AG, on average 6 915 new malware strains were created every day in the second half of 2012.

The report states the number of new malware strains in the tools category, which includes online banking tools, has increased enormously in 2012.

Malware is software that is intended to damage or disable computers and mobile devices and includes viruses and Trojans, for example.

The prevalence of malware on mobile devices is increasing rapidly. According to the mobile security company NQ Mobile’s latest security report, released on Monday, malware on mobile increased 163% in 2012 compared with 2011.

This should perhaps be something that you consider when using your latest mobile banking app on your mobile smart device.

Almost all the big banks in the country have now launched an app with which you can transact from wherever you want. And although the banks indicate that thus far there has been no security breach or fraud specifically pertaining to the apps in use, their terms and conditions does cover them, amongst other things, against the liability if something might happen due to malware and viruses on your mobile device.

T’s and C’s apply

Nedbank’s app suite’s terms and conditions states that “while Nedbank will take all reasonable steps to apply appropriate security measures, the use of the Nedbank mobile application… may expose you to risk.” Nedbank then warns users that if they tamper with any operating system or browser software or other software packages on the device, the user’s confidential information may be exposed to the risk of access by unauthorised third parties.

Then, very clearly, the bank warns users that they indemnify Nedbank from any loss or damage as a result of viruses found on their mobile device that could affect the security of the app.

Standard Bank’s terms and conditions for its mobile banking app states almost the same and even warns that it cannot warrant or imply that any file, download or application is safe to use on a device and cannot guarantee that the file system does not contain software or data that can negatively affect the smart device, such as viruses for example.

Absa’s terms and conditions indicate that users acknowledge that the use of the access channel (app) is entirely at their own risk and that unless Absa has acted with gross negligence, the bank is not liable for any losses – even those incurred due to hardware or software malfunction.

You might think that the operating platform you use is safe. Some are definitely targeted less by malware than others, according to the latest F-secure Mobile Threat Report.

The report states that in 2012, 79% of the threats found were for the Android platform. Blackberry was at 0.3% and iOS for Apple users at 0.7% (see graph below). So, even if the threat is smaller, no matter which platform you use, you could be susceptible to malware and should be aware of the risk and your liability if this happens.

Local apps have had no incidents

In response to Moneyweb’s queries, Nedbank, Absa, FNB and Standard Bank have indicated that thus far the banks have seen no fraud or security incidents specifically in app banking. The Ombudsman for Banking Services’ office also told Moneyweb that it has not received any complaints to date where the apps specifically were used to defraud customers.

The F-Secure report shows that internationally, however, there have been incidents. In November last year the Berlin police warned citizens to review security updates that is delivered to their smartphones as they suspected an Android banking Trojan that could “inject” an additional form during online banking that ask for details from the customer. The F-Secure report also mentions other banking Trojans that can intercept the one-time pin (OTP) sent to mobile phones by the banks.

Should you use it?

The local banks remain adamant that their app security is on par with online banking security and that if customers remain vigilant about keeping their login details safe, the threat is diminished.

The fact of the matter is that, as with any banking channel used, there are risks involved of which customers should be aware. Just as you should be vigilant when transacting at an ATM, so you should be aware and careful when using online channels as fraudsters will also try and find new ways to steal money with the banks constantly upgrading and adapting their security measures to try and stop them.

Mobile threats

Mobile threats

Source: Moneyweb

More security articles

SA identity theft scam alert

Beware cellphone cyber-crime in South Africa: Norton

Bad online passwords: are you guilty?

SA hackers in court

Show comments

Latest news

More news

Trending news

Sign up to the MyBroadband newsletter