Despite the convenience and overall promise of mobile banking and mobile commerce—think NFC-enabled “tap to pay”—ongoing security fears are having a chilling effect on consumer uptake of these services. In fact, the research found that in the wake of the Heartbleed security breach in particular, only a minority of consumers (18%) still feel confident that their mobile movements are secure.
That’s according to a recent survey from Intercede, which found that a full half (53%) of UK consumers said that they would never use mobile banking services, while many avoid using any mobile financial services at all – including Paypal, money transfer apps and even accessing shopping websites via phone.
More specifically, half avoid money transfer apps, and almost a quarter (24%) would not feel safe shopping on their handsets. Furthermore, 75% of those concerned about data loss in the event their mobile device was stolen cited identity theft as their biggest worry.
“Nearly every week we read about another high-profile hacking story in the news,” said Richard Parris, CEO of Intercede, in a statement. “From major attacks such as Heartbleed to eBay’s recent data breach, it’s not surprising that consumers just don’t trust mobile security. This is throttling the mobile economy. But with the mobile device boom set to continue, it’s clear that security needs a radical revamp.”
Interestingly, it’s not just the non-digital natives that are shying away from m-finance. Concerns over mobile security and the safety of personal financial information were rife across all generations surveyed. Overall 54% of consumers are worried about the level of security of their device. However, 18 to 24 year olds are the most distrustful of mobile financial services.
Perhaps because they’re more technically savvy and perhaps more keenly aware of the potential dangers, 62% of this younger group said that they would never use mobile banking compared to 53% overall. A full 60% would never make mobile payments compared to 50% overall; and 52% would never use Paypal on their mobile compared to 43% overall.
When asked what security gaps most worried them, respondents cited a lack of trust in current mobile login and authentication options, and worries about identity theft—a large majority (87%) cited identity theft as their biggest concern with data loss in the event that their phone was lost or stolen.
One respondent said, “I must be confident only I will be able to log in and use them [apps] – at this stage, I just don’t trust apps, especially financial ones,” while others commented, “I don’t want anyone to steal my phone and be able to access my money,” and “Apps are too hackable.”.
“It’s clear that consumers are fast losing confidence in traditional authentication solutions – passwords are the weakest link and no longer fit for purpose,” continued Parris. “We need to regain consumer trust if the mobile economy is to really take off. We all already have multiple digital identities, from online banking to social networking to email and others, but these identities are becoming more and more prevalent, and how we secure them is a growing concern for consumers. The industry needs to sit up and listen – we need more sophisticated forms of trusted identity.”
The research also looked at what steps consumers are taking to protect their digital identities when they are using mobile applications. And despite all of the stated concern, many are leaving back doors open to hackers as they sign up for automatic log on and select “Remember me” and “Keep me signed in” options.
Of consumers using social media on mobile devices, 75% are automatically logged on to their mobile accounts. This figure stands at 72% for email users, 37% for customers of shopping sites such as Amazon, 23% for mobile banking and 27% for PayPal.
When asked if they were automatically logged in on more than one mobile device, the figures stood at 76% for users of social media, 45% for mobile banking, 46% for Amazon and shopping sites and 54% for PayPal.
And, 60% rely on their memory to remember all passwords, suggesting they are choosing weak and easy-to-remember combinations—a hacker’s best hope when lifting credentials.