(Expansión) – A video of a user that went viral on Twitter has caused a stir in recent days. In it she recounts that her phone was stolen and that, as a result, the funds in her account were emptied through her online banking (BBVA).
Let's focus on the security of online banking regardless of the bank involved. There are many points we must analyze. For example, the fact that a bank asks you for extra security factors such as fingerprints, facial recognition, a PIN and other requirements to validate your identity is not synonymous with greater security. On the contrary, in the event of a data leak, more detailed information becomes available for better identity theft.
Many of us recommend using two-factor verification: the message that reaches your mobile with a code to validate your identity. This is common in online banking. If the mobile is lost or stolen and does not have any security (and even if it does, the PIN and unlock pattern can be broken), the attacker can request a login through password recovery, invoking the second factor, since he holds the key in his hands: the number and the mobile.
There are legal instruments to deal with the problem of identity validation in the use of a debit or credit card, as long as the transaction involves physically entering the PIN (NIP) (read Thesis 1a./J. 16/2019 (10a.) SCJN). This should not be confused with a totally digital product such as online banking.
When someone uses our online banking and knows the PIN to validate the transaction, the bank automatically assumes that the identity of the original banking user has been validated. It is then extremely difficult to establish that the operation is illegitimate and should be treated as identity theft or another related criminal modality, whether the device was stolen or lost, or the operation was carried out by a close person who knows these data. For this we require a forensic expert, who could request, with legal support in the process, the logs of movements, accesses, addresses, etc.
In the first instance, immediately reporting to the bank that we use is essential; with this the accounts can be frozen so that no physical or digital operations take place. Not doing so is a huge user error. The bank will treat the report as theft or loss and, with it, open a case for unrecognized charges if that applies. If the latter fails, we must go to CONDUSEF.
If something is clear to me from all this, it is that I have not met any thief who manages, after stealing a mobile, to obtain deep data from an application, particularly online banking. Some things are not being told; it is not only about crucifying the bank, it is about making the end user aware.
By the way, you can check the CONDUSEF publications on banks; there you will find figures on those with the most complaints.
Editor's note: Carlos Ramírez Castañeda is a specialist in, and passionate about, Computer Law, particularly in the areas of Cybersecurity, Cybercrime and Cyberterrorism. He holds a Master's Degree in Law of New Information and Communications Technologies from Santiago de Compostela, Spain, and a Doctorate in Administration and Public Policies from Mexico. He collaborates with various academic and government institutions and is a professional always interested in cyber prevention issues, particularly with vulnerable sectors. Follow him on Twitter as . The opinions published in this column belong exclusively to the author.