Many apps, tools, and data can be used to access a person's money, and scammers will always target these entities. Even though nearly 200 million Americans use bank apps for checking their balances and depositing checks, transferring money between accounts, and paying bills securely, not everyone is so fortunate.
It is a fact that these apps tend to share more data than it may seem necessary to share, according to Merchant Machine, a professional data analytics firm. There is a new research, published in September 2023, which suggests that the average app asks for 20 types of data in total, as shown in 204 applications, each with over 5000 reviews by users.
The collection of some of these data is legitimate for the sake of providing a better service, but much of it goes to fuel marketing and profiling efforts.
Essentially, mobile banking means that users can access their accounts by using the app available from their bank.
There is a big difference here between online banking, which involves logging on to the bank's website through the phone's browser or directly through the device's browser to access the account.
The mobile banking industry was already booming well before the COVID-19 lockdowns occurred. There was 33 per cent of bank customers who used a mobile app before the pandemic, according to the American Bankers Association survey that was conducted for their benefit.
The number of bank customers using mobile apps today has risen from 44 per cent to 48 per cent.
When users use an app, they are much less likely to fall victim to phishing sites that look like their bank's login page or to get their Wi-Fi network and passwords intercepted as they enter them online.
However, the ability to create phishing sites or intercept users' Wi-Fi networks when they use an app is much harder to achieve.
To prevent users from being scammed, mobile bank apps need to verify them by using their unique phone ID and any account details they might have on their phone so apps can transmit data between their device and the bank's server.
During the study, several financial service apps were analyzed, including those that enable the user to buy now pay later, surf the web for a deposit, manage your budget and money, trade stocks and trade stocks, earn cash-back with coupons, and make money transfers through mobile apps.
Many apps are collecting a lot of information about consumers.
One of the most popular was Robinhood: Investing for AllTM, which collected 25 different types of data from consumers. Other apps that collected 21 or more types of data included PayPal - Send, Shop, ManageTM, PayPal Pay in 4TM, KloarnaTM, and Groupon - Local Deals Near MeTM.
A scammer using users' phones to access their banking accounts could bypass all of the security features in their banking application because most people save their passwords on their phones or even stay logged into services like their email accounts.
There is a possibility that a scammer will ask for a new password for the user's bank app (and gain access to it via the user's email) and then bypass the security of the multi-factor authentication code (MFA) when the code is sent to their phone.
There are many ways in which criminals can take advantage of this scam, including saving targeted user's passwords in their mobile browser (or notepad), locking their phones, and not using biometric security measures like fingerprints. They cannot use application security to protect their phone against theft or scams if they are scammed.
It was found that the UK banking apps 'Monese: A Banking Alternative', 'Virgin Money Mobile Banking', and 'Starling Bank - Mobile Banking' were also considered to be highly intrusive by the government, and this was conducted after their websites disclosed several 23 and 20 categories of data, respectively.
Many parameters constitute personal information, including a person's location, financial information, and some identifying information, which are merely a few of the most obvious parameters.
Merchant Machine's investigation found apps that collect a wide range of sensitive information, including browsing history, searches, contact information, fitness records, and health records. In contrast, the applications GO2Bank, RetailMeNot: Coupons, Cashback, and FreshBooks Accounting each only collect two types of data.