
Fraudsters reaping the rewards of data harvested from discarded devices

Whether your smartphone has succumbed to inbuilt obsolescence, or the latest Apple phone release is simply shinier than the last, there is no denying that consumers are swapping, reselling or trading in their devices with increasing frequency.

Today, the average Westerner upgrades their smartphone every 18-24 months. Whipping out a Blackberry at a business meeting in 2019 would garner the same bamboozled looks as heading down to the tennis court for a hit with your wooden racket.

The market for refurbished phones has more than doubled, from 56 million units in 2014 to 120 million units, totalling more than $5 billion in 2017. It was five years ago that the number of mobile phones in the world outstripped the number of humans.

Refurbished phones are a data goldmine

This growing, billion-dollar industry poses a huge security risk for financial institutions. Discarded devices are data treasure troves: email addresses, dates of birth, home addresses, credit card numbers, licence details, pay slips, passport numbers and personal images or documents are among the most commonly recovered files.

Experts have repeatedly proved the ease of harvesting personal data from recycled hardware, even on phones that have been factory reset. In a 2012 study, the University of Hertfordshire purchased 200 used devices on eBay and found that over two-thirds, regardless of whether files had been manually deleted, contained private and sensitive information.

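In an even more worrying study, researchers at the University of Cambridge found that, on second-hand phones, they were able to recover account tokens on all the devices, and on 80 percent of the phones the “master token” (essentially a digital key to your front door) was recovered. From there, all data could be recovered, including emails, passwords, contacts, messages and other sensitive information.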

These titbits of personal information are enough for a criminal to hijack your identity. A malicious individual could simply use the “forgot my password” function to gain access to your accounts, or they could even convince your service providers they are you, based on the information they now hold. With new “auto” technology, criminals with access to your device have much more freedom to shop the net using your pre-populated credit card details in the checkout box.

The Cambridge Analytica scandal may have given the false impression that stealing personal data requires a coordinated, covert operation. In reality, scraping private data from discarded devices is not all that difficult, with free forensic apps allowing even the most techno-challenged Luddites to download your long-deleted summer holiday snaps.

The real cost of free data is paid by the banks

So why is it that a flaw with phone technology is a cause of concern for banks? Banks have a responsibility and a duty of care to their customers to protect against fraud and keep their customers’ data secure.

That is before taking into account lost revenue, reputational damage, and the possible regulatory liability for failing to detect and prevent fraud threats. However, financial institutions have been too slow to react to the proliferating gateways for fraud and identity theft.

Trends show a sharp rise in bank and credit card fraud, with both the frequency and amounts stolen from customers increasing. In 2016, on average £475 was stolen from an individual fraud victim, but this figure rose to an average of £833 in 2018.

Clearly, in 2018 one in four consumers in the UK were victim to some sort of online fraud. Fraud losses in the UK last year alone cost the major banks £1.2 billion, with that number growing year on year as more data becomes available to criminals.

Time to act

With identity theft only becoming easier, more accessible and harder to detect, banks need to invest in their financial crime detection and response capabilities. TSB is the first British bank to announce that it would give an automatic refund to victims of fraud. Intended as a reaction against the bank’s IT meltdown last April, it can be praised as a step in the right direction by relieving customers from paying the cost of fraud.

However, the issue remains that British banks tend to process fraud without treating the customer as the victim of a crime. This tacitly condones criminal activity by paying off their losses, rather than working to prevent fraud. In turn, this could further incentivise fraudsters to target more customers with the knowledge that the losses incurred to the individual will be recovered.

The good news is that the advent of Strong Customer Authentication under PSD2 later this year will force banks across Europe to implement process and technology changes that will make it much harder to commit fraud using details recovered from an old device. Biometrics and 2 Factor Authentication (2FA) will become the norm for all online or mobile payment journeys – with measures such as fingerprint recognition, FaceID, or a code sent to a mobile number used to mitigate fraud risks.

Given that seven of the 12 largest online banking providers in Britain do not provide multi-factor authentication today, this will require a significant level of investment across the industry.

Unless banks are willing to ask their customers to hold onto their iPhones in perpetuity, they will need to invest in and deploy enhanced security measures to better protect their customers.
