21 September 2015, Sydney, Australia —Fraud experts are issuing dire new warnings about mobile phone data security. They’re increasingly concerned about the proliferation of new apps using ‘screen scraping’ technology to scan and scrape data from consumers. They say there’s also a very real threat being posed by password aggregation apps which allow various accounts to be accessed with a single password.
Given the number of individual passwords the average consumer has to remember these days, password aggregation apps may seem very attractive, but they can also be dangerous. Analysts are warning consumers and banks to avoid being tempted by convenience at the expense of security.
“It’s worth bearing in mind that with password aggregation apps, the fraudster only needs to work out one password to be able to access all your financial accounts. If this happens, you are liable. If consumers consider the use of these apps normal and ok, fraudsters will be quick to capitalise by luring them onto unsafe platforms.” says Albert van Wyk, Head of Fraud & Identity at Experian A/NZ.
Experian is also urging caution around screen scaping apps. They allow financial information to be quickly and easily consolidated by the banks. Albert van Wyk says the risks outweigh the benefits. “The financial services industry has a duty of care to not condone behaviour that makes consumers feel like giving away personal and sensitive information is the right thing to do. Consumers could in fact contravene the obligations they have with their bank and find that they are no longer safeguarded against claims of fraudulent activity on their accounts.”
Albert van Wyk says the onus should not be on the consumer to navigate all the complex fraud scenarios which could emerge. “There’s a risk consumers could download fraudulent screen scraping, or password aggregation apps by mistake, thereby giving direct account access to a fraudster.” Even if they download the correct app, he points to the risk of malware attachments on these apps that could send data to unauthorised users.
In several other major overseas markets, banks and financial institutions are moving away from screen scraping and password aggregation apps. Instead they’re looking at systems which allow banks - with the consumer’s permission - to share and confirm statement information directly between one another using secure technology. “We see this type of approach to be better for all parties involved,” says Albert van Wyk. “The service provider is able to streamline operations and supply their client with a seamless experience, whilst the consumer is not being asked to unnecessarily expose personal and financial information.”
The need for consumer caution is heightened in Australia because Australians are among the world’s fastest adopters of mobile banking. The advice is to use different passwords across all your accounts; never store or send account information on SMS or email; avoid banking while on public networks like Wi-Fi; only use official bank apps and always protect your mobile device with a passcode.
Key Experian Contacts:
Solutions Marketing Manager, Experian Australia & New Zealand
61 407 624 216
We are the leading global information services company, providing data and analytical tools to our clients around the world. We help businesses to manage credit risk, prevent fraud, target marketing offers and automate decision making. We also help people to check their credit report and credit score, and protect against identity theft. In 2014, we were named by Forbes magazine as one of the ‘World’s Most Innovative Companies’.
We employ approximately 17,000 people in 39 countries and our corporate headquarters are in Dublin, Ireland, with operational headquarters in Nottingham, UK; California, US; and São Paulo, Brazil.
Experian plc is listed on the London Stock Exchange (EXPN) and is a constituent of the FTSE 100 index. Total revenue for the year ended March 31, 2015, was US$4.8 billion.