Are smartphone banking apps safe?
Crime and cybercrime are on the rise. The numbers are alarming, especially those related to banking apps. We live today under the constant threat of these plagues. More than 90,000 victims were assisted on the cybermalveillance.gouv.fr platform in 2019 compared to 28,855 in 2018, an increase of more than 210%. Among these victims, 90% are individuals. Among these acts of delinquency, mention should be made of the theft and hacking of smartphones. The latest study published by the National Observatory of Delinquency and Criminal Responses (ONDRP) reported 775,000 complaints of smartphone theft.
According to the “Living environment and security” surveys carried out jointly by INSEE and ONDRP with the assistance of the Ministerial Statistical Service for Internal Security (SSMSI), women and young people are the first victims. Cybercrime in the banking sector is based on new potential flaws linked to the explosion of data (mega data, or “big data”), the growing use of mobiles and banking apps, the development of APIs (Application Programming Interfaces), etc.
Faced with the digitization of banking services, hackers are increasingly inventive and the risk of fraud is increasing. Furthermore, the race towards all-digital will increase the digital divide.
1\. Banking innovations for the sad happiness of cyber criminals
A. Development of mobile telephony
Thirty years ago, banking relationships were mainly carried out in branches, through advisers. The democratization of smartphones has changed the banking landscape. Now, consumers are getting excited about online banking. Banks are therefore facing the challenge of digital transformation from two angles: the increase in cybercrime and the enthusiasm of individuals for ever more digitization of banking services.
According to the French Banking Federation, 55% of French people have downloaded at least one banking app. 89% of them consult it at least once a week and nearly half of them every day, whether to follow the evolution of their accounts, manage their budget, or their transactions. Smartphones are gradually metamorphosing into a universal payment tool.
During an interview granted on November 25, 2015, to the Magazine des professions financiers, Marie-Anne Barbat-Layani, former Managing Director of the French Banking Federation (FBF), affirmed that “digital is a real challenge and a great opportunity because banks have a great tradition of innovation”.
For their part, as we have seen previously, the French increasingly use the Internet to consult their accounts, obtain information on banking products and services, or carry out all kinds of simple or complex operations. Today, all these operations are carried out in one click. From their online bank or mobile application, the customer has a complete banking service available at any time to carry out all day-to-day operations from anywhere.
The number of functionalities of the applications of remote banking establishments intended for smartphones is constantly increasing. In this respect, banking apps will appeal to smartphone addicts thanks to their design, their speed, and their simplicity. Mobile banking is on the rise. In addition, with the implementation of the European directive on banking security (directive on payment services/PSD2), banks strongly encourage their customers to use a recent smartphone equipped with an American operating system.
Those who do not have one may no longer be able to access their online account. For example, since January 20, 2020, some Crédit Mutuel customers have had the unpleasant surprise of not being able to connect to their accounts. The bank now requires the customer to download an app to their mobile phone.
Otherwise, access to the account is denied. Many trapped customers called Crédit Mutuel, which defended itself by taking refuge behind PSD2. In reality, this establishment is forcing its customers’ hand and requiring them to have a smartphone, because since 2005 it has been offering mobile phones. In 2011, it generated a turnover of 320 million euros by equipping more than one million customers with an NRJ mobile package. This offer is not a bank’s first foray into mobile telephony: applications for smartphones are now widespread from one bank to another and range from simple reminders of emergency numbers to consulting accounts and the location of ATMs.
B. Main applications
With the advent of smartphones, banks have developed their own applications, such as consultation of bank accounts, payment including contactless payment, transfer, cash withdrawal from cash dispensers (DAB) by mobile, and soon contactless ATMs.
- Contactless payment by mobile phone (M. payment or mobile payment) aims in particular to transform a mobile phone equipped with an NFC chip into a payment device, similar to an electronic wallet, from which a consumer can make payments, carry out mobile-to-mobile financial transactions or even use banking apps for any type of transaction. In the case of contactless payment based on NFC technology, the mobile acts as a contactless payment card. This means that if a mobile phone is equipped with NFC and the phone holder’s bank offers a mobile phone payment service, it is possible to make low-value purchases, with a ceiling of 50 euros per transaction as for the bank card, without the need to enter the confidential code, sign, or present an identity document.
- With regard to banknote withdrawals by mobile phone, since 2014 some banking establishments have implemented systems that allow their customers to make withdrawals at certain ATMs by generating a single-use code accessible on their mobile. As abroad, contactless ATMs are currently being tested in France. They will allow you to withdraw money using your smartphone. To collect the banknotes, the customer must first validate the withdrawal on their phone and then use the phone to scan the QR code appearing on the ATM.
These innovations are a boon for ever more ingenious hackers. Indeed, hackers demonstrate ingenuity and ever greater organization in the face of the rapid development of technologies, which can bring new vulnerabilities.
2\. Smartphone Security in Banking
As highlighted in the annual report on the security of means of payment (financial year 2018), “the major security issue for mobile payments concerns the protection of data used to initiate transactions. The innovation and maturity of data security solutions have contributed significantly to the recent boom in mobile payments”. However, smartphones do not offer a sufficient level of security and scams are numerous.
A. Smartphone banking scams
Today, the French are crazy about their banking app, which is one of the three essential mobile applications on smartphones, used to monitor their accounts or make transfers. According to the OpinionWay Institute, opening it in the morning would be the first action of around a quarter of citizens. But what about the security of bank mobile apps?
While mobile banking apps have become a staple on smartphones, they aren’t nearly as secure as some people think. Smartphone banking scams are numerous. As part of a study devoted to the state of the art of banking malware from February 2019 entitled “Android banking malware: Sophisticated vs. Fake banking apps”, researchers from ESET confirmed that fake banking apps and Trojans constitute the bulk of mobile banking threats. In November 2019, the French Association of Bank Users (AFUB) warned about the technique of sending a fraudulent SMS intended to empty a bank account.
According to Jean-Michel Merlot, security specialist at ESET, the smartphone is, by nature, less secure than a PC. For him, “a keylogger (see glossary) can more easily enter the mobile and record the movement of the keys when entering a password”. He declares: “I would never do a banking transaction from a mobile phone”.
According to a study carried out by Pradeo, a specialist in securing apps and mobile devices (smartphones, tablets, connected objects), these apps and mobile devices are likely to expose their users to cyber-attacks. This study confirms that smartphones are often less protected than computers and they can be subject to greater security vulnerabilities. In August 2017, cryptography researchers from the Zurich University of Technology (ETH Zurich) found a major security flaw in the Android operating system. This flaw allowed access to thousands of smartphones without the knowledge of their users.
In early September 2020, these same researchers published a scientific article describing how they managed to circumvent the security of the EMV bank card payment protocol to pay contactless, via a smartphone, for any purchase in a physical store. As part of their experiment, they took two smartphones compatible with NFC (near-field communication) and installed an application developed for the occasion. Thanks to NFC technology, the first mobile phone can read the bank card information and transfer it to the second mobile phone, with which it is possible to make the purchase.
When it comes to smartphone security, it should also be remembered that NFC technology is hackable. Indeed, wireless communication can be intercepted remotely by a hacker equipped with an NFC reader, whether standalone or integrated into a smartphone. In 2011, Renaud Lifchitz, a security engineer at British Telecom, demonstrated that with an NFC USB key, or a smartphone, it was possible to capture the waves… and access personal data.
Finally, we have seen previously that contactless payment makes it possible to pay for a purchase by bringing the bank card or mobile phone equipped with an NFC chip closer than 4 centimeters from a terminal without entering your confidential code, without signing, and without the presence of an identity document. We can imagine the consequences of a lack of authentication in the event of loss or theft.
B. Which device to use: a secure bank site or banking apps?
To the question of whether it is preferable to use the official and secure website of your bank rather than a mobile “app”, we would tend to answer that it is safer to carry out your banking transactions via your bank’s website. Because of the resources available, antivirus software for PCs is more powerful.
Mobile devices (smartphones, iPhones, etc.) have become the favorite target of hackers. For cybersecurity specialists, “we are not yet sufficiently aware of the vulnerability of smartphones to hacker attacks”. In total, “the smartphone is the weak link in computer security”.
3\. Digitization of banking services and the digital divide
A. The digital divide (or digital gap) in France
Elie Michel, in “The digital divide – The Internet, a factor of new inequalities”, defines the digital divide as “unequal opportunities to access and contribute to information, knowledge, and networks, as well as to benefit from the major development capacities offered by ICTs. These elements are some of the most visible of the digital divide, which in reality translates into a combination of broader socio-economic factors, in particular the lack of infrastructure, the high cost of access, the lack of local creation of content, and the uneven ability to benefit economically and socially from information-intensive activities”.
According to the 2019 digital barometer, the smartphone has established itself as the reference mobile and is breaking records. 75% of French people have a smartphone and nearly half of them use it as their preferred device to connect to the Internet. But the digital divide is still present. It persists in the regions, due in particular to faulty mobile coverage. 14% of people who live in rural communities say they very often have difficulty calling, sending, or receiving text messages. Consequently, the rate of smartphone equipment suffers. Beyond the technical difficulties of access to technology in certain territories, some French people remain excluded from these technologies.
“Digital illiteracy” or “illectronism” (a contraction of illiteracy and electronics) concerns 13 million French people, i.e. around 20% of the population. In particular, beyond a divide between generations, which affects the elderly, we must also mention the weight of the cultural gap, that is to say, the ability to mobilize skills in order to master computer and digital tools. The debate on the digital divide has shifted: from inequalities linked to access to ICTs, we have moved on to social inequalities linked to their use.
“The key issue then becomes not unequal access to computers, but the unequal ways in which computers are used.” (Warschauer). In other words, the digital divide helps feed another divide: the cognitive divide (see glossary). Fabrice Le Guel, research engineer at Paris-Sud University, defines the latter as “inequalities in terms of knowledge and technical skills needed to benefit from ICTs”.
The ability to use ICT effectively and autonomously, called digital skills (or “new economic culture” or “digital literacy”), has three levels:
- Instrumental skills that relate to the manipulation of hardware and software.
- Structural or informational skills that concern the new way of entering online content, i.e. searching, selecting, understanding, evaluating, and processing information.
- Strategic skills relate to the ability to use information proactively, to make sense of it in one’s own living environment, and to make decisions in order to act in one’s professional and personal environment.
B. What about the digitally excluded or those reluctant to use banking apps (“mobile banking”)?
The ever-increasing development of banking apps will exclude people who are digitally excluded, individuals who experience a feeling of digital exclusion linked to a lack of mastery of IT tools, and the reluctant who do not trust security.
- To illustrate the problem of the digitally excluded, let’s take the example of contactless payment since the start of the health crisis.
With the Covid-19 crisis, we see signs reading “payment by credit card only”. Some merchants refuse cash payments. The fact that a purchase paid for by means of a contactless payment is considered a “barrier gesture” does not authorize a merchant to refuse payment in cash. Indeed, as Erick Lacourrège, Director General of Economic Services and Network of the Banque de France, points out, such a merchant is committing an act of illegality and discrimination. Illegality because only cash is legal tender in France, and discrimination because “cash is very often the only possible means of payment for the most vulnerable populations: more than four million French people are beneficiaries each month of social benefits paid, a very large proportion in cash.
It is vital that they can continue to make their purchases with this means of payment”. Moreover, the practice of prohibiting cash payments within a business amounts to excluding people who do not have other means of payment, such as minors, protected adults, and homeless people.
- The move to all-digital is in the process of isolating not only fragile populations (the elderly, people who are not well equipped, etc.) but also individuals who experience a feeling of digital exclusion linked to a lack of mastery of digital and computer tools. In other words, all individuals who feel increasingly out of step, with a lack of comfort in using the Internet and digital tools. In a white paper entitled “L’illectronisme” published in June 2019, Stéphanie Laffargue of the CSA Institute reveals that “almost a quarter of French people (23%) are not comfortable with digital technology, i.e. around 11 million people”. She adds that some French people, whom she calls “the abandoners”, give up certain essential steps in their daily life because they have to use the Internet and are not able to.
- Finally, banking apps will come up against reluctant people who have doubts about security and fear ever-increasing fraud.
4\. **Conclusion**
The smartphone is no longer just a device for receiving or making calls. It has become the nerve center giving access to whole sections of our private lives. It is the key to all kinds of scams, especially in banking. Some speak of “Smartvol” to loot bank accounts.
In light of the analysis made in this article, it does not seem desirable for the smartphone to become the dominant means of payment. The enthusiasm for the digitization of banking services should not make us lose sight of the explosion of violent mobile phone thefts and of banking cybercrime, in which customers are the main target of hackers.
What are we doing to fight against all these criminal acts which not only degrade the lives of French people but which are very expensive for the nation and lead to the disintegration of our society? Some dare to deny them or minimize them by wrongly using the term “incivility”. It is high time to react to prevent France from sinking into chaos.
5\. **Glossary**
Mobile banking (“mobile banking” or “M. banking”): All the banking operations that can be carried out from a smartphone, an iPhone, etc.
Confidential PIN code (“Personal Identification Number”): Strictly personal numeric character string used in an information system to uniquely identify a user.
Near field communication (“Near Field Communication/NFC”): Technology for exchanging data between different chips separated by a distance of a few centimeters.
Note: Near Field Communication is an application of Radio Frequency Identification (RFID) technologies.
Cybercrime: All criminal offenses committed via computer networks, in particular on the Internet.
EMV (“Europay Mastercard Visa”): Smart card standard, the concept of which was launched in 1997 by the international networks Europay, Mastercard, and Visa.
Keylogger: Device designed to record the succession of keystrokes made by a user on a keyboard. Note: The keylogger can be a malicious program, which operates without the knowledge of the user and allows, for example, his password to be captured.
Flaw: “Vulnerability in a computer system allowing an attacker to affect its normal operation, the confidentiality or the integrity of the data it contains”. (Source: National Information Systems Security Agency).
Cognitive divide: Inequalities in the use of ICT.
Digital divide: Unequal access to ICTs.
Mega data (“big data”): “Phenomenon that refers to accessible technologies, tools, processes, and procedures, allowing an organization to create, manipulate and manage very large amounts of data, in order to facilitate rapid decision-making”.