Mobile phones are central to our lives today. Nearly all (98%) of 16-54-year-olds own a smartphone, while 59% of workers choose their phone over a laptop or desktop to run their business.
We only need to look at financial services to see how central phones are. A survey found that more than three-quarters (78%) of mobile owners use their phones for banking, with 51% using a digital wallet. That’s before we consider fintechs – whether focusing on consumers or businesses, most offer their products through a mobile-based app.
Statements, transactions, applying for services; it’s right there in our hands. It’s transforming the banking experience for so many people, giving them better control and access to their finances.
Theft – more than just losing a phone
There’s a downside, of course. Mobile phone theft is nothing new, but what is shocking is the recent surge: in the year to March 2024, 78,000 people in the UK had their mobile phones stolen—an astonishing 152% increase from the previous year.
Fifteen years ago, losing a phone was upsetting and frustrating, but as long as you told your provider (and avoided anyone racking up expensive charges), you were all set once you had a new device. Nowadays, losing your mobile is like losing your keys. If those keys had not just your address but directions to your home or work and where everything valuable was.
There’s all the personal identifiable information (PII) that’s stored on it or accessed through it. You might not have your date of birth in your calendar, but you’ll likely have at least one message somewhere that wishes you a happy birthday.
Access the most comprehensive Company Profiles
on the market, powered by GlobalData. Save hours of research. Gain competitive edge.
Company Profile – free
sample
Thank you!
Your download email will arrive shortly
We are confident about the
unique
quality of our Company Profiles. However, we want you to make the most
beneficial
decision for your business, so we offer a free sample that you can download by
submitting the below form
By GlobalData
Then there’s the threat if it’s a work phone, with access to confidential company data and other identifiers that could be used as part of more sophisticated attacks, such as deep fakes. Depending on the role of the individual that lost the phone, there might be company social media accounts, accountancy software or banking apps, all available to the thief.
It’s fairly simple: with an unlocked phone, a thief can wreak havoc whether it’s a personal or work phone: using PII for identity theft, accessing social media and emails, and even draining bank accounts.
The mobile as a weak link
Many apps and services employ measures such as biometrics or two-factor authentication (2FA). The problem is that the phone is how we use these measures; if a thief has seen someone enter their PIN, they have a way around most standard defences.
Only a third (36%) of respondents to our survey said the PIN they use for apps is always different from that of their phone; even if they use different PINs, many apps stay open and allow criminals to change log-in and ID details.
The impact of losing a phone hasn’t gone unnoticed. The government has pledged to crack down on these snatch thefts, with calls for a kill switch that would quickly and permanently disable stolen phones. Not only would this render them useless for resale, but it would also help restrict access to the device’s apps and services.
But for that to be successful, everyone, from phone manufacturer to application owner, has to collaborate. And that includes fintechs and banks.
The need for collaboration in innovation and education
There are two parts to banks’ role in improving mobile security: technical and social.
From a technical perspective, several innovations are available that can and should be deployed to safeguard accounts. AI-powered services can monitor transactions and provide advanced security measures to quickly identify unusual or fraudulent banking activities. This isn’t about having warnings flash upon in-app as a transaction takes place. It’s being able to identify irregular patterns in user activities and trigger security alerts for changes in swipe patterns or typing speed.
Socially, banks and fintechs must use their relationships with customers to educate. They need to continuously talk about both the basics of mobile security and threats such as ‘shoulder surfing’, SIM swaps, identity theft and fake banking ajpps.
Those basics would include thinking about behaviour such as using a PIN in public, how many of their services have the same or similar codes, keeping phones updated to plug vulnerabilities and protect against malware, avoiding using public WiFi (and never for financial activities), and logging out of apps when they’re finished (or enabling automatic closing).
People rarely change problematic behaviour until they’ve had a bad experience. So, the focus should be on raising awareness of smartphone theft and the need for better individual security practices.
Collective responsibility for better secure
Mobile banking security is a collective responsibility. That means a collaborative effort from banking, finance, mobile, and government parties to improve customer education and understanding. Mobile owners need to be vigilant, conscious of how secure their daily behaviours are, and aware of how criminals act. In other parts of financial security, we get warnings about the risks of transferring money to people we don’t know or about being aware of people standing too close when using a cash machine or card reader. We need that same communication from banks and fintechs when it comes to the risks of mobile theft and using PINs to unlock devices.
Ultimately, without collaboration to educate and advise mobile users, this problem will continue to escalate, costing everyone dearly.
James O’Sullivan is CEO, Nuke From Orbit
