Australia's mobile-wielding Christmas shoppers posing new security threats to themselves, employers

Consumers' increasing reliance on mobile apps during the holiday shopping period has brought a new round of warnings for companies with bring your own device (BYOD) policies that face increased risk of data exfiltration through the use of unscrupulous apps designed to be overly familiar with users' personal information.

New research from B2B International and Kaspersky Labs suggested that online consumers were growing increasingly concerned about making financial transactions online, with 65 percent concerned about online financial fraud – up from 62 percent last year – and 54 percent (up from 49 percent last year) saying they felt vulnerable when buying products or making financial transactions online.

Some 43 percent of the Kaspersky respondents said they had abandoned an online payment transaction in the past because it didn't seem secure enough; that figure was 37 percent in 2014.

Ross Hogan, global head of the Kaspersky Lab Fraud Prevention Division, said in a statement that it was “understandable that people are increasingly concerned about the risk of online fraud” and said banks should be taking the lead in giving customers security tools to support their online work.

“Banking customers shouldn’t be letting their fears get in the way of enjoying the benefits of making financial transactions online,” Hogan said. “By using an appropriate Internet security solution, they can take their own steps to protect their money from fraud.”

Growing use of mobiles for shopping has made them increasingly significant as overall online shopping figures continue to surge. Recent Roy Morgan figures suggest that 4 in 10 Australians and half of New Zealanders are now buying something online in any given month. Australians alone spent $37.8 billion online during fiscal 2014/15, according to the Roy Morgan figures.

A growing proportion of these transactions are being conducted through mobiles: recent research by IPSOS and PayPal Australia, for example, found that mobile-commerce usage had grown by 204 percent since 203 and that 2.2 million Australian were planning on using their smartphones to buy Christmas gifts this year.

Mobile shoppers should exercise a range of cautions including screenshotting their proof of purchase rather than waiting for merchants to email a copy of the purchase confirmation; being careful about phishing emails and entering sensitive details into mobiles while other people are nearby; and using official shopping apps for a more seamless shopping experience.

Yet even those official apps can cause headaches for IT managers by taking liberties with the personal information of BYOD users, according to recent research by software-management firm Flexera Software. That company ran an analysis of 26 popular iOS based shopping apps and found that the majority were capable of accessing a range of personal information, often without users knowing.

Some 69 percent of the apps – including big-name brands such as Amazon, Disney, eBay, Groupon, Macy's, Nordstrom, REI, Shutterfly, Starbucks and Target – were able to access the social-media apps on the user's phone, while 65 percent of the tested apps could access address book and calendar information. Some 58 percent of the apps could access the device's SMS messaging features, while all of the 26 apps save two were able to access the device's GPS location tracking information.

Twenty of the apps were integrated with third-party ad networks that have been recognised as an increasingly dangerous threat: 'malvertising' reached record levels in June, while in late July security firm Cyphort warned that more than 10 million people may have been expose to malware transmitted through advertisements.

The granting of app permissions may seem innocuous to bargain-minded holiday shoppers, but they can present real issues in BYOD situations where users' phones are filled with company contact, calendar and other information.

“Giving apps access to this data may create unwanted security risk depending on the organisation and its BYOD policies,” the firm warned. “It is therefore incumbent upon IT teams to understand what popular mobile apps their employees are letting onto corporate and BYOD devices, and understand what risks those apps might pose.”

Even the government is warning mobile users to be careful this year, with the Australian Communications and Media Authority (ACMA) echoing warnings about mobile app usage over the holidays – and, in particular, customers' often wanton use of free mobile apps that frequently bury data-siphoning habits in complex terms of use that many users barely consider.

ACMA recently released primers for mobile users warning them about how to manage their app purchases, security, and other areas.

Recent ACMA research found that 4.3 million Australians downloaded banking and finance apps onto their mobiles in the previous year, while 2.9 million downloaded shopping apps.


Security ALERT!

Need help making the right choice for you business? Need to update your system but don't know where to start? CSO can help, check out our security hub today.

Gigamon Transform Security Zone

Read more: Territoriality, denial confounding chances at IT-security improvement, risk expert warns

Join the CSO newsletter!

Error: Please check your email address.

Tags security threatsRoy MorganNew ZealandIPSOSshoppingB2B InternationalChristmasCSO Australiakaspersky labsBYODretailsecurity

More about Australian Communications and Media AuthorityCSOeBayFlexeraGigamonKasperskymobilesMorganNordstromPayPalRoy MorganShutterflyStarbucks

Show Comments

Featured Whitepapers

Editor's Recommendations

Solution Centres

Stories by David Braue

Latest Videos

More videos

Blog Posts