Supervision release 19 March 2024 – 13/2024

Security of online banking, mobile banking and online payments

Various payment-related frauds and scams are a constantly increasing phenomenon. Methods of fraud are constantly evolving, so online banking, mobile banking and online payment security as well as strong customer authentication technology solutions need to respond to new security threats in electronic payments.

Background to the survey

In a survey it conducted in October-November 2023, the Financial Supervisory Authority (FIN-FSA) investigated controls and processes related to the online banking, mobile banking and online payment security of banks operating in Finland, with the aim of ensuring strong customer identification and payment security against misuse of means of payment and other scams. 

The results of the survey provide more detailed information than before about the security of banks’ online payments and payment-related controls. The responses received will help the FIN-FSA to target its supervision both generally and on a bank-specific basis.

Survey conclusions and recommendations for banks

Based on a thematic assessment, banks have, for the most part, identified and implemented the key aspects of online payment security appropriately.

The responses to the thematic assessment show that payment service users have the option to set more versatile payment security limits for card payments than for credit transfers and payments made via online and mobile banking. The FIN-FSA recommends that banks develop controls for online banking and mobile payments so that users would have the option to set more versatile security restrictions on their credit transfer -based payments. Such restrictions include, for example, the option to set a daily or one-time usage limit for payments as well as to limit the countries or geographical areas and receiving parties to which payments are directed.

In addition, banks should improve the monitoring of potentially fraudulent transactions, blocking them and requesting further confirmation. The FIN-FSA recommends that banks develop their payment monitoring so that they could more precisely block payments that differ significantly from the customer’s previous payment history, for example according to the size of payments or the parties to which the customer has previously sent payments. In these cases, it may also be necessary to request an additional confirmation of payment from the customer in a sufficiently informative manner.

Important for banks to guide customers on secure online transactions

It is important to provide information about different types of scams and to guide customers on secure online transactions. Banks must continue to communicate actively through various channels about the security threats to their services and continue to remind and guide customers on how to use their electronic services securely.

For further information, please contact

Markko Koponen, Head of Division, markku.koponen(at)fiva.fi or telephone +358 9 183 5389

See also

Press release 19 March 2024: Payment-related frauds and scams are a growing phenomenon – Financial Supervisory Authority investigation reveals scope for improving security of banking transactions