SYDNEY, Australia—Fraud experts are issuing new warnings about mobile phone data security. They’re increasingly concerned about the proliferation of new apps using “screen scraping” technology to scan and scrape data from consumers.
Analysts say there’s also a very real threat being posed by password aggregation apps, which allow various accounts to be accessed with a single password, Experian reported.
Given the number of individual passwords the average consumer has to remember these days, password aggregation apps may seem very attractive, but they can also be dangerous, noted Experian. Analysts are warning consumers and financial institutions to avoid being tempted by convenience at the expense of security.
“It’s worth bearing in mind that with password aggregation apps, the fraudster only needs to work out one password to be able to access all your financial accounts,” said Albert van Wyk, head of fraud and identity at Experian A/NZ. “If this happens, you are liable. If consumers consider the use of these apps normal and OK, fraudsters will be quick to capitalize by luring them onto unsafe platforms.”
Experian is also urging caution around screen scraping apps. They allow financial information to be quickly and easily consolidated by FIs—van Wyk said the risks outweigh the benefits. “The financial services industry has a duty of care to not condone behavior that makes consumers feel like giving away personal and sensitive information is the right thing to do. Consumers could in fact contravene the obligations they have with their bank and find that they are no longer safeguarded against claims of fraudulent activity on their accounts.”
The onus should not be on the consumer to navigate all the complex fraud scenarios which could emerge, said van Wyk. “There’s a risk consumers could download fraudulent screen scraping, or password aggregation apps by mistake, thereby giving direct account access to a fraudster. Even if they download the correct app, the risk of malware attachments on these apps that could send data to unauthorized users.”
In several other major overseas markets, banks and financial institutions are moving away from screen scraping and password aggregation apps. Instead they’re looking at systems which allow banks – with the consumer’s permission – to share and confirm statement information directly between one another using secure technology.
“We see this type of approach to be better for all parties involved,” said van Wyk. “The service provider is able to streamline operations and supply their client with a seamless experience, while the consumer is not being asked to unnecessarily expose personal and financial information.”