Mobile Banking Fraud Part #1: Vulnerabilities of Mobile Devices

Mobile devices are changing the payments landscape.  More mobile devices are becoming equipped with near-field contactless capabilities and apps that allow for the purchasing…

AdobeStock_82359764@2x.jpeg
Scott Zoldi by Scott Zoldi

Chief Analytics Officer

expand_less Back to top

Mobile devices are changing the payments landscape.  More mobile devices are becoming equipped with near-field contactless capabilities and apps that allow for the purchasing of goods and services.  While this provides a number of conveniences for consumers, mobiles also come with greatly increased risks related to payments. Case in point, malware instances on Android phones grew 400% between summer 2010 and spring 2011, according to the “Malicious Mobile Threats Report” by Juniper Networks.

The increased risk stems from the fact that mobile devices typically lack the firewalls and other security measures that are more standard on home computers. This make mobiles ideal for launching malicious software that tracks key strokes and compromises sensitive personal information, usernames, and passwords.  To make matters worse, app purchasers are often much less discerning about downloads to their mobile compared to a home computer. 

Beyond malicious apps and downloads, there is additional concern about the security of the networks used by the phone.  Many phones are wifi capable, and although the public has become conditioned to not connect to unknown wifi networks using personal computers, there is less discretion when using mobile phones.  In particular, the public has been systematically targeted at airports and other aggregation points by malicious wifi networks. 

Even when users are careful selecting a wifi network, they can be prey to “Man in the Middle” attacks on mobiles. Here, a fraudster will target MAC addresses associated with a particular brand of phone and redirect transactions through the fraudster’s computer.  This allows the fraudster to launch a tool like SSL strip to remove security protocols, and capture usernames and passwords used in payments, online bank access, email, etc.  Although this is easily done on wifi networks, the same attack exists on mobile networks such as GSM, where a fraudster can impersonate a GSM base station. 

These vulnerabilities demand advanced analytics that monitor mobile device usage to detect fraud.  That will be the topic of a future post…

Stay tuned for Part 2.

Scott Zoldi
Scott Zoldi
Dr. Scott Zoldi is chief analytics officer at FICO, responsible for artificial intelligence (AI) and analytic innovation across FICO's product and technology solutions. Dr. Scott Zoldi has been listed as an inventor on 100+ patents, in collaboration with other data and analytic scientists, and he is also named on an additional 45+ patent applications in process. Scott is an industry leader in the responsible use of AI, Generative AI (GenAI), and Agentic AI, as well as an outspoken proponent of AI governance and regulation. His groundbreaking work in focused language models (FLMs) for GenAI and a patented use of blockchain technology for AI model development governance has helped propel Scott to AI visionary status. His recent awards include Constellation Research Award AI150, Tech Leadership Award from Banking Tech Awards, Tech Influencer Highly Commendable Award from DataIQ Data & AI Awards, San Diego Business Journal - Leaders of Influence in Technology (2025); Tech Leadership - Software & Services Provider from Fintech Futures, MachineCon AI100 Award, Innovator Award from American Banker (2024); Global Finance Innovator Award (FICO) (2023); and Corinium Future Thinking Award (2022). An enthusiastic member of the southern California tech community, Scott serves on the Boards of Directors of Software San Diego and the San Diego Cyber Center of Excellence. He received his Ph.D. degree in theoretical and computational physics from Duke University, and his work has been published in The Harvard Business Review and numerous scientific journals.

When not at his office or on a plane, Scott can often be found in his Ford Bronco, exploring the desert around San Diego with his family. To hear more of his views follow Scott on LinkedIn and BlueSky @ScottZoldi.
See all posts
chevron_left Blog home
RELATED POSTS

Popular Posts

Take the next step

Connect with FICO for answers to all your product and solution questions. Interested in becoming a business partner? Contact us to learn more. We look forward to hearing from you.

Contact us