A growing number of consumers are using mobile devices to conduct transactions that put their personal identifiable information (PII) at risk. At the same time, they’re generally apathetic about security measures, and this is creating an open invitation for cyber-criminals to take advantage, according to a new study by Javelin Strategy & Research.
The report, “Smartphones, Tablets, and Fraud: When Apathy Meets Security,” was sponsored by authentication technology provider Nok Nok Labs and includes results from a survey of 5,634 U.S. adults over the age of 18.
As the report points out, consumers are increasingly relying on their mobile devices to stay connected, access email, interact with social media and other applications, and conduct transactions. Each of these activities holds value for cyber-criminals looking for account information and other personally identifiable information to sell or misuse.
Despite this, many consumers are lax when it comes to security. The study shows that about six out of 10 mobile users are reusing passwords across multiple accounts, exposing their online accounts to cyber-threats. While mobile technology is improving, many consumers are still relying on out-dated or legacy authentication technologies, such as one-time passwords.
“Unfortunately, consumers tend to favor convenience over security when it comes to using their mobile devices,” says Al Pascual, senior analyst, Fraud & Security, at Javelin and author of the report. “This fact, compounded with the persistent mobile security threats we face such as malicious WiFi hotspots, mobile malware and physical intrusions, means consumers’ [PII] is in a constant state of potential and fairly easy compromise.”
Among the other key findings of the study are that Android, iOS and Windows mobile users are undermining their security by reusing passwords more often than the average consumer. In fact, these users are about 25 percent more likely than all consumers to use the same passwords to access more than one online account.
The heavy reliance on one-time passwords is putting Android users’ financial accounts at risk, the study shows. Forty-one percent of Android users deploy one-time passwords with their financial accounts.
The study also shows that mobile users prefer fingerprint authentication. Of the prevailing biometric security features available with devices, fingerprint scanning is preferred by Android, iOS and Windows mobile users. Javelin says recent steps taken by Apple and Samsung to expand fingerprint-based authentication in their mobile phones is likely to be well-received by consumers and will subsequently strengthen the preference for this type of biometric technology.
Android and iOS device users face a significantly higher rate of fraud than the average consumer, for different reasons, according to the study. Users of both of these mobile platforms have similarly poor password and security habits, Javelin says, which is contributing to their risk of being victimized by security attacks.
“This report highlights a fact that we all know: that mobile users are at critical risk for fraud and identity theft,” said Phillip Dunkelberger, president & CEO of Nok Nok Labs. “We have to shift our focus as an industry and make security as important as convenience, without making the technology difficult for consumers to use. The study shows that consumers are willing to adopt biometric methods of authentication, which could play a major role in breaking down these barriers to secure authentication.”