Fraud experts have called on the finance industry to consider banning connections to online banking services from jailbroken devices, as the sector struggles to handle rising levels of electronic fraud.
While insecure transaction processes contributed significantly to electronic fraud, financial institutions were fearful of insecure mobile platforms.
They were most concerned about users who jailbroke their devices, a process which granted users access to the device's root directory, allowing them to install applications and trigger settings not vetted by Apple.
Jailbreaking a device can turn on a string of services, such as remote access, not usually available on the mobile. This made the device easy prey for exploitation, particularly if users neglected to change the default root passwords made accessible when jailbroken.
Leanne Vale, a fraud and financial crimes manager with credit union industry body Abacus Australian Mutuals, said the sector would have to tighten control over consumers who accessed bank services from such devices.
“We are going to get to a recalcitrant point where [financial organisations] will say that if you have jailbroken your iPhone, we won’t offer you the service,” she said.
One major Australian bank reported that electronic fraud had doubled in the last nine months.
Fraud is estimated to cost Australians approximately $8.5 billion a year, according to the Australian Institute of Criminology. How that figure is divided between businesses and consumers remains unclear.
Vale said institutions could potentially even move to ban customers repeatedly deemed insecure from accessing services by mobile.
The concept would leave responsibility for client information security with customers themselves; a sea-change from the current situation in which banks soak up fraud costs.
However, Vale and her industry colleagues acknowledged the finance sector had failed to properly educate users.
“We have to rely on the AFP [Australian Federal Police], and the Today Tonight's of the world to educate the public on mobile security,” she said.
“Banks need to own this.”
The Teachers Credit Union was currently best at informing customers about mobile security, she said.
Fraud investigators for other major banks told SC they agreed with Vale’s comments.
“The message is that, rather than convince financial organisations that a phone is a computer, try a fresh approach,” Vale said. “Ensure they know what it is, know what it does, and understand the risk and [let them] put in mitigation controls.”
The finance sector's discussions come as the Federal Government prepares to release a community cyber awareness whitepaper designed to help educate the public on electronic fraud.