Protecting Against the Top Mobile Security Threats in 2016

Posted by Alisdair Faulkner

By the end of 2016 there will be an estimated 6.4 billion connected devices, a 30 percent increase over 2015, as mobile continues to become the channel of choice for everything from online banking to e-commerce. This mobile proliferation is attracting cybercriminals too, and they use stolen identities and compromised devices from major data breaches for financial gain.

Given the increase in connected devices, the following are several mobile security trends to expect this year:

  • Cross-device transactions: According to a recent report from ThreatMetrix, consumers are becoming more comfortable using multiple devices to access online accounts. In Q4 2015, more users than ever before accessed their bank accounts, made payments, streamed content and created new accounts using their connected devices, moving seamlessly between devices such as tablets and smartphones. With this trend in mind, businesses need to determine effective cybersecurity measures to ensure that the fraudsters are being stopped in their tracks without interrupting or adding friction to the user experience for authentic customers. For example, a loyal e-commerce customer doesn’t want his or her transaction to be rejected because a purchase was made via smartphone instead of a previously used device, such as a desktop.
  • New and emerging mobile payments options: While remote transactions have moved to connected devices, the share of mobile at the point-of-sale hasn't taken off at the same level. However, 2016 seems to be the year when the market forces are aligning to make it happen. POS terminal upgrades to support the Europay-Mastercard-Visa (EMV) mandate in the U.S. will further provide support for NFC-based mobile payments. Many established and emerging players are looking to capitalize on the impending shift to mobile transactions with innovative solutions to support payment via mobile in store. Traditional players, like financial institutions and payment networks, are delivering capabilities for established tech companies and emerging startups alike to innovate from the edge. As digital and mobile wallets like Apple Pay and Samsung Pay take off, we will see a parallel growth in attacks targeting mobile platforms. Cybercriminals will develop more sophisticated mobile fraud strategies, including bot attacks, malware, device spoofing, jailbroken devices and rooting.
  • BYOD programs: Juniper Research estimates that more than a billion personally-owned devices will be enrolled in bring-your-own-device (BYOD) programs by 2018. While convenient and cost-effective for both consumers and employers, BYOD poses several risks to enterprises. As BYOD becomes more widespread, corporate IT loses visibility and control over the devices employees and contractors use to access both critical and non-critical applications. To keep up with the growing number of connected personal devices and protect sensitive information from being exposed, businesses need to update their BYOD policies to maintain a balance of security, productivity and preference.
  • Mobile healthcare vulnerabilities: Hackers will attempt to access Internet-connected medical devices, putting patients’ health and privacy at risk. According to a recent report, up to 94 percent of healthcare organizations admit they have fallen victim to cyber attacks, and these attacks show no signs of slowing down. A significant amount of healthcare data is now being shared via mobile devices and applications (often on public networks), which raises significant privacy and security concerns, as mobile devices can easily be compromised.

We now live in a digital-first world and mobile transactions will only increase in years to come. To protect against cybercrime without adding friction to the customer experience, businesses need global shared intelligence and a holistic cybersecurity strategy. Global shared intelligence enables fraud, security, risk, compliance and customer engagement departments to have a unified view and model of a user’s digital identity across all digital channels—including email addresses, geo-locations and devices from both personal and business personas.

Alisdair Faulkner

Chief Product Officer, ThreatMetrix
