November 14, 2014 -
This week, Nok Nok Labs and Javelin Strategy & Research, released the findings of a new research report entitled: “Smartphones, Tablets, and Fraud: When Apathy Meets Security”.
The report, sponsored by Nok Nok Labs, found that consumer apathy around mobile security has led to insecure personal data on mobile devices.
The report notes that at least six in 10 mobile users reuse passwords across multiple accounts. As a result, the prioritization of convenience over security in online authentication has led to consumer vulnerability and the emerging of a pervasive threat to online data.
Javelin Strategy & Research maintains that passwords remain a critical roadblock to online account security. According to Al Pascual, a Senior Analyst at Javelin, focused on fraud and security, and author of the report: “We are in a tough spot with security. This point is not lost on consumers or businesses, but reliance on password techniques that are 20 years old are not making things work. The use of passwords is a subpar condition, and the industry does eventually need to transition to new security opportunities presented by mobile technology.”
The study, which includes results from 5,634 adults over age 18 in the United States, found that Android, iOS, and Windows mobile users are undermining their security by reusing passwords more often than the average consumer.
These mobile users are about 25 percent more likely than all consumers to use the same password to access more than one online account. This motivates criminals to target them and their devices to secure credentials with the expectation that they will facilitate access to a variety of the victim’s valuable accounts and services.
As a consequence, Android and iOS users face a significantly higher rate of fraud than the average consumer, for different reasons. Users in both camps display similarly poor password and security habits, which are contributing to their risk of being victimized. More specifically, it is mobile malware that is spurring the fraud experienced by Android users, while the attractiveness of iOS users’ income has made Apple user targets of fraudulent activity.
The report also found that heavy reliance on one‐time passwords is placing Android users’ financial accounts at risk. Forty‐one percent of Android users take advantage of one‐time passwords with their financial accounts. The prevalence of mobile malware for Android capable of intercepting these one-time password sent by text or SMS is contributing to the rate of fraud these users experience.
A special report that will be released in the near-future by Biometrics Research Group, Inc. on biometrics and the banking industry will note that increased security requirements, which will include the use of biometric technologies, will be driven by increasing identity theft and other banking fraud. The BiometricUpdate.com report projects that the implementation of new biometric technologies in the banking industry has the potential to cut a financial institution’s operational risks by at least 20 percent over the next 10 years as the technology becomes more widely adopted.
The Javelin report has found that consumers actually want to use such biometric technologies, and specifically, mobile users like using fingerprint authentication, which bodes well for Apple and Samsung. Recent attempts by Apple and Samsung to expand fingerprint‐based authentication is thus likely to be well‐received and will subsequently bolster the preference for this modality.
In an exclusive interview, Pascual noted that: “While mobile devices incentivizes us to act at our worst, mobile devices can also allow us to move beyond the password. In the past, cost factors and integration had placed the use of biometrics as an alternative form of authentication out of reach. But with the emergence of new mobile phones with integrated biometrics, we will be able to undo the problems associated with password.”
“This report highlights a fact that we all know: that mobile users are at critical risk for fraud and identity theft,” stated Phillip Dunkelberger, President & CEO, Nok Nok Labs in a prepared statement. “We have to shift our focus as an industry and make security as important as convenience, without making the technology difficult for consumers to use. The study shows that consumers are willing to adopt biometric methods of authentication which could play a major role in breaking down these barriers to secure authentication.”
The Javelin report reflects the industry consensus that passwords are an outmoded line of defence for mobile users, especially for their banking and commerce applications. Recently, a White House official said that biometric authentication should replace passwords. Pascual also suggested during our exclusive interview that the advancement of new security frameworks by the FIDO Alliance will bode well for both consumers and industry.