There are fresh signs a cybercriminal blitzkrieg may be coming to a mobile banking app near you. In fact, it’s already here. Today, nearly 60% of all fraudulent transactions in the banking sector now take place via mobile app, according to findings in Outseer’s latest quarterly Fraud & Payments Report.

As competition for banking customers heats up, the potential financial and reputational fallout could eclipse both shock and awe.

According to Forbes, mobile banking penetration has grown to encompass 95% of Gen Zers, 91% of Millennials, 95% of Gen Xers, 60% of Baby Boomers, and 27% of Seniors. As our own data bears out, three times as many digital transactions were facilitated through mobile banking apps (75%) during the third quarter of 2021 than mobile browsing (3%) and the desktop web (22%) combined.

The banking brand delivering the most speed and convenience can win big. Unfortunately, the bad guys got the memo. Between July and September 2021, Outseer researchers observed that fraudulent transactions made via mobile app rose more than 35% over levels seen during the fourth quarter of 2020. And there are no signs of slowing down.

Fraud & The Mobile Money Grab

Even without on-again, off-again, on-again threats of Russian cyberattacks in retaliation to U.S. support for Ukraine, the avenues for low-risk, high-reward fraud attacks are plentiful.

Take email and SMS scams designed to look like fraud alerts or past-due notices that fool recipients into entering login credentials on bogus bank sites. Or fraudulent banking and payment apps downloaded from trusted app stores and designed to do the same. Or banking Trojans like Escobar, which hijacks legitimate apps with overlays of fake bank login forms and even steals Google Authenticator codes to bypass two-factor authentication.

Thanks to scams like these and an endless stream of data breaches, logins and credit card numbers can be acquired for pennies on the dollar in dark web marketplaces.

Across all industries, card-not-present (CNP) fraud alone could lead to $17.3 billion in losses by 2023, according to the Aite-Novarica Group. Meanwhile, account takeover (ATO) contributes to as much as $16.9 billion in annual losses. And then there’s the use of stolen and synthetic identity data in account enrollment fraud, which is a $6 billion problem the FBI calls one of the fastest-growing forms of financial crime today.

According to Outseer’s data, the average loss to consumers who fall prey to these swindles in Q3, 2021 ranged from $2,089 for transactions originating from the mobile channel to $9,898 for those originating from the desktop web. But those figures can go much higher. And banks themselves can pay a hefty price as well.

Fraud Meets Friction: The High Cost to Bank Brands

According to surveys cited by SecurityBoulevard.com, 67% consumers who fall prey to fraud will switch banks as a result. And when word gets out through negative headlines or social media rants, the reputational damage can be costly. According to Forrester, lost customer trust and even heightened customer suspicion can impact a company’s revenue by 10% to 25% in a single year.

But as eMarketer points out, cranking up security measures to avoid that must be done judiciously. More than a third of customers bristle over ever-changing authentication measures. At a time when it costs 5X as much to find new customers than it does keep existing customers happy, the balance between preventing fraud while avoiding added friction can be a high-stakes tightrope act.

Educating bank customers about scams, the need for strong passwords, and enabling multifactor authentication can help. But FIs are advised to take a risk-based approach to authentication so that legitimate customers are able to conduct business without interference and step-up challenges can be reserved for only the small percentage of logins or transactions that warrant additional scrutiny.

In a digital banking battlefield marked by rising consumer expectations and increasingly-sophisticated cybercriminal attacks, a multilayered approach that includes these and other measures may be your safest path to victory.

To learn more about current digital banking fraud trends and how to protect against them, download The Q4 2021 Fraud & Payments Report from Outseer.

Armen Najarian

CMO + Chief Identity Officer

Armen is a 15-year Silicon Valley veteran with deep experience leading the marketing function for fast-growing fraud prevention, predictive analytics, and cybersecurity companies. His most recent leadership roles include CMO positions at Agari and ThreatMetrix, the latter of which he established as the definitive category leader for digital identity solutions.