Own a Smartphone? That's like carrying £20,000 in your back pocket
Forget about the complex, large-scale hacks of credit card databases you read about in the media: the most common fraud is the takeover of an individual's account. By getting access to personal information, thieves not only invade a person's bank accounts and online identities, but can spread their attacks to the victim's contacts, friends and family.
According to a recent study, more than half the UK population now own a Smartphone. While most of us view it as not only a step up from the feature phones of old but also a natural step towards the future of personal computing devices, how many actually consider their real monetary value - beyond the handset itself to the data contained on it?
Think about it for a second. A Smartphone is something people carry everywhere and look at more often than their loved ones. It contains increasingly large amounts of personal information about its owner, their families and their financial arrangements. Yet they're also easily lost, and many people don't bother to secure them.
In essence, Smartphones - whilst offering a vast range of benefits - are a huge fraud risk. Likewise, social gaming and social networking are readily exploited by criminals to gain access to personal data.
Despite the number of high-profile stories about complex database infiltrations by groups like Anonymous, the most prevalent fraud is the simplest: account takeovers. This is about a whole lot more than just accessing the account in question; it's about the data stored in the account and the access to other accounts and personal information that data might allow. If you think about the amount of personal information that's stored within an email account, or on a Facebook profile, you start to realise how valuable that account might be for a fraudster. User names, passwords, interests, hobbies and family information are all readily available.
Carrying a smartphone around is as risky as carrying £20,000 in your wallet or purse. This may sound completely ridiculous, but think about it for a moment; smart devices house information that, if stolen, can provide a goldmine to fraudsters. An unsecured smartphone gives access to email accounts, social media, family information, billing details, geographical data and so much more. This data can be used for small thefts using credit card information, or to profile the person for bigger, more detrimental types of fraud that could cost tens, or even hundreds, of thousands of pounds. Don't discount the value of apps that render smart phones unusable when they're stolen, or the built-in tools that allow a handset to be wiped if lost. These simple utilities are the best defence for protecting your personal information from being used for illegal purposes.
While all of us can take precautions to ensure our data is protected, the responsibility largely sits with the businesses that hold it. Businesses will often say that they have a low instance of fraud, but the truth is that they have a low reported level of fraud. We all know someone - or several people - whose email or Facebook accounts have been hijacked or hacked. How many of the victims have reported the hack to the service provider? Has the service provider taken any action, or even responded? To combat this fraud, businesses need to adopt multiple factor authentication. But they also need to find the right balance as over-complicating the security process will only drive customers away.
Another opportunity for fraud via a Smartphone is through the applications that sit on the device. Indeed, social gaming is playing an increasing role in the way fraudsters collect and share data about individuals. There are currently no regulations in place to restrict how data captured by social gaming apps is shared by the developer. In fact, Facebook has no say in what data is captured at all. Fraudsters have seen this is an ideal opportunity to create illegitimate apps that, when downloaded, act as a Trojan Horse to gain access to the users Facebook page and with it, loads of personal information. EU Data Registrars and Facebook have no clue about the types of data being pulled through these apps or how fast and widely it is distributed. There needs to be more control around the anonymity of the data being captured so it is hidden to the developers and only reveals basic forms of identification, such as social geography. There is also a simple step that users can take to ensure they protect themselves from these hacks: Go into your smart phone settings and make sure that data sharing through social media apps is turned off, and set a PIN for the screen lock on your handset.
Everyone values both their phones and their social media applications, and striking a balance between benefit and risk is a tricky exercise. Until controls are tightened up - by both service providers and end users - a smartphone will remain a risky proposition.