A New Taxonomy of Mobile Banking Threats, Attacks and User Vulnerabilities

Authors: Saman Mirza Abdullah1 & Bilal Ahmed2 & Musa Ameen3
1Koya University, Koya, Iraq
1,2&3Ishik University, Erbil, Iraq

Abstract:  Mobile banking becomes an interesting technique within the modern bank establishments. It facilitates the transactions and day lifestyle of customers. It minimizes the impact of location and time for doing bank activities and communicate with bank servers. However, the process is exposed to risks from attackers and hackers, especially, user behaviors that open and create much vulnerability in this system. This work presents a new taxonomy for mobile banking attackers and threats. Through this taxonomy, this work will identify the important user vulnerabilities that attackers may misuse for penetrating systems and steal privacy and sensitive data. The main contribution of this work is to provide important suggestions for mobile banking users so that they can take them as a precaution for protecting their privacy and financial aspects. The work concluded that there are many user behaviors of mobile banking which lead to threats in the systems. The work presents many suggestions for users so that their systems can be protected from malicious activities and malwares. Also, many future aspects have been presented.

Keywords: Mobile Banking, Threats and Attacks, User Vulnerabilities

Download the PDF Document from here.

doi: 10.23918/eajse.v3i3p12

Bojjagani, S., & Sastry, V. (2017). VAPTAI: A Threat Model for Vulnerability Assessment and
Penetration Testing of Android and iOS Mobile Banking Apps. In Collaboration and
Internet Computing (CIC), 2017 IEEE 3rd International Conference.
C Insights (2015). Mobile Banking Security: Challenges, Solutions. USA, Report.
Feizollah, A., Anuar, N., Salleh, R., & Wahab, A. (2015). A review on feature selection in mobile
malware detection. Digital Investigation, 13, 22-37.
Eurasian Journal of Science & Engineering
ISSN 2414-5629 (Print), ISSN 2414-5602 (Online) EAJSE
Volume 3, Issue 3; June, 2018 20
Ghani, S.M., Abdollah, M., Yusof, R., & Mas’ud, M. (2015). Recognizing API Features for Malware
Detection Using Static Analysis. Journal of Wireless Networking and Communications, 5,
Hasan, M., & Khalid, A. (2010). Development of Multimedia Messaging Service (MMS)-based
receipt system for mobile banking. In Information Technology (ITSim), International
Symposium, pp. 1-6.
Huxham, H. (2017). Mobile banking system with cryptographic expansion device. Google Patents.
Irch, D. (1999). Banking on the move: The internet isn’t the only new digital channel.
Retrieved from http://www.icommercecentral.com/open-access/mobile-financial-servicesthe-internet-isnt-the-only-digital-channel-to-consumers.php?aid=38668
Kavitha, K. (2015). Mobile Banking Supervising System-Issues, Challenges and Suggestions to
improve Mobile Banking Services. Advances in Computer Science: An International
Journal, 4, 65-67.
MaCafee, (2017). McAfeeLabsThreatsReport. Retrieved from
https://www.mcafee.com/us/resources/reports/rp-quarterly-threats-jun-2017. pdf2017.
Mallat, N., Rossi, M., & Tuunainen, V. (2004). Mobile banking services. Communications of the
ACM, 47, 42-46.
Martinelli, F., Marulli, F., & Mercaldo, F. (2017). Evaluating Convolutional NeuralNetwork for
Effective Mobile Malware Detection. Procedia Computer Science, 112, 2372-2381.
MPSS. (2018). Myanmar Paymnet Solution Services.
Must, B., & Ludewig, K. (2010). Mobile money: cell phone banking in developing countries. Policy
Matters Journal, 7, 27-33.
Nosrati, L., & Bidgoli, A. (2015). Security assessment of mobile-banking. In Computing and
Communication (IEMCON), 2015 International Conference and Workshop.
Shah, N. (2017). Securing Database Users from the Threat of SQL Injection Attacks.
Shukla, S. (2018). Trust and Security Must Become a Primary Design Concern in Embedded
Computing. ACM Transactions on Embedded Computing Systems (TECS), 17, 1.
Unuchek, R., & Chebyshev, V. (2014). Mobile malware evolution: 2013. AO Kapersky Lab.
Weerasinghe, D., Rakocevic, V., & Rajarajan, M. (2012). Security framework for mobile banking. In
Trustworthy Ubiquitous Computing, Springer, pp. 207-225.
Yan, P., & Yan, Z. (2017)