An App a Day

The onslaught of new phones and apps and their related potential for financial crime

This article examines the high cost of convenience in regards to constantly evolving smart phones, iPads, and other personal communication device applications. The intentional (and unintentional) transfer of sensitive data between individuals happens in seconds. The author lays out the double-edged benefits of such technology and whether it’s worth the risk of being a victim of fraud and theft.

An App a Day

iPhones^®, iPads^®, Blackberries^®, Androids^®, tablets, and other related applications are released almost weekly. The innovation and ease have driven most users’ computing habits to the world of wireless.  It’s a double-edged sword.

Computing evolved from mainframes to desktops, laptops to tablets, becoming more “personal” with each leap of evolution.  Most users of these devices today simply access the Internet, social platforms, e-mail, and commonly used programs via inexpensive “apps,” which they can select and install on their handheld devices almost instantaneously.  The world of shopping obviously changed as well, maximizing this same technology.

The “Paperless Purchase”

Visit an Apple^® store, and no paperwork will be completed, provided…, or required.  The customer and purchase information enters the associate’s phone, the seller and buyer complete the sale, the associate swipes the customer’s credit card on the same phone, and e-mails the receipt to the customer.  The sale is finalized, and the customer leaves only with their purchases…and virtual receipt.

Created for convenience, several information transfer apps cause me concern regarding the potential for new financial crime.  Indeed, several recent news stories give me cause for concern regarding the ease with which new apps will create opportunity for the potential commission of financial crimes.

“Touchy-Feely” phones

One of these apps allow smart phone users to click (or touch) two phones together to transfer funds from one phone to another.  As demonstrated, one smart phone user prepares a transfer on their smart phone, while the second user accesses their bank account.  The users click (or touch) their phones together and the funds transfer from the first user’s account to the other user’s account.

Will this ease of transferring funds re-engineer a thief’s technique?  It’s now even easier to stalk individuals, demand the victim queue a transfer on their phone, touch phones together (moving the funds into a fictitiously created account), and abscond with the victim’s phone.  While the victim tries to seek assistance from law enforcement, the perpetrator could transfer the funds back out of the account, or simply withdrawal the funds via an ATM or other method in real time, likely before police even arrive for the initial complaint.

“Check” Your Photos 

Another app of concern enables users to snap a picture of a check to be deposited, transfer the picture to their bank, and receive funds into their account, just as if they took the physical check to their bank and manually deposited it.  Efficient?  Absolutely!

My concern lies with stolen, altered, and counterfeit checks.  Will this app make it even easier for an individual to convert unauthorized checks for personal gain? 

A big problem concerns employees stealing checks from customers payable to their employers and converting them through deposit into their own personal ATM deposit.  With this app, will the same individual simply take a picture of the employer’s diverted check and receive funds on the deposit? 

“And Your Point Is?”

A third app relates to sharing of personal information between smart phones.  The app allows users to share personal information by simply pointing the smart phones at each other.  The issue of how susceptible unauthorized access to users’ information became apparent to me recently while dining at a shopping mall.

I had my iPad with me to purchase a cover at the Apple store in the mall, and while waiting for our food, we used the iPad.  What happened next really interested me.

As other patrons walked by our table to use the restroom, several of the other customers’ personal information automatically connected to my iPad and came up on our screen as they walked by us.  I hadn’t set anything to retrieve their information, and I suspect they didn’t realize their personal information was…well, no longer personal. 

The problem?  Criminals plant themselves in public areas, every day, attempting to steal personal and financial information, e-mail access, Internet access, and any other data to use for illicit purposes. 

As these and other new apps develop and reach the public, we must review new wireless capabilities, and ensure these new venues do not increase the opportunity for financial crime.  How can you minimize your risk of becoming a victim of these or other potential schemes? 

• Ensure your smart phone and cellular devices are password protected from unauthorized access.  If lost or stolen, the thief will have less of a chance of accessing your apps and information.
• As new apps become available, such as “click transfer,” determine if you really need such an app.  If you really don’t need it, don’t install it.
• The fewer apps and access available on your smart phone and cellular device, the less access an unauthorized user will have to your data and funds.  Yup. 
• Monitor new capabilities released for your smart phone and cellular devices.
• If capabilities are “automatically” installed in your smart phone and cellular device by your provider (instead of by you), inquire as to ways those types of services can be removed or disabled by the carrier.
• Ensure the security features of your smart phone or cellular device are active and configured to share only information you want to share, if  you want to share anything at all.
• As always, vigilantly monitor your activity, bank accounts, debit cards, and credit cards on a very regular basis to detect issues as early as possible.

Trust me, it happens.

This article was originally published by Forensic Accounting Services, LLC and Stephen A. Pedneault, CPA/CFF, CFE, FCPA.  You can reach Steve at  steve@forensicaccountingservices.com or (860) 659-6550.