With nearly nine out of ten internet users in Ireland now managing their finances online, concerns are mounting over the security of mobile banking apps as fraudsters become more sophisticated in targeting digital consumers.
According to the Central Statistics Office, 87% of internet users engaged in internet or mobile banking during the first half of last year. As mobile banking cements its place in daily life, cybersecurity experts and financial authorities are urging increased vigilance to combat rising cases of digital fraud.
The Central Bank of Ireland recently highlighted the issue in a “Behind the Data” paper on payment fraud. While it did not break down app-specific fraud figures, the risks are becoming increasingly evident, especially as attackers find new ways to infiltrate users’ phones rather than the apps themselves.
“Everyone thinks it’s the banking app that gets hacked, but in reality, it’s usually the device,” said Niamh Davenport, Head of Financial Crime with Banking and Payments Federation Ireland (BPFI). She warned that app-related scams—still low in volume—are on the rise and likely to grow.
To tackle fraud, BPFI has launched the Cross-Sector Anti-Fraud Forum under the National Payments Strategy. The initiative brings together banks, government, and law enforcement to strengthen fraud prevention efforts across sectors.
Biometric logins and real-time fraud detection are becoming standard, with major Irish banks such as AIB, Bank of Ireland, PTSB, and An Post investing heavily in security infrastructure. AIB, for example, has 2.2 million digital users and is spending €300 million on upgrading its platforms between 2024 and 2026. It recently introduced “Selfie Check” facial verification technology to enhance identity protection.
Revolut, which has three million Irish customers, and N26 are also leveraging facial recognition, AI-powered fraud detection, and dynamic authentication features like single-device access and biometric login.
Despite these efforts, experts caution that human error remains the biggest vulnerability. Wayne Morgan, CTO at IT.ie, said people still reuse passwords across multiple platforms or fall victim to phishing and “man-in-the-middle” attacks, where hackers intercept communication over compromised networks.
“Cybersecurity starts the moment you pick up your device,” Morgan advised, warning that once malware is installed, hackers can silently monitor activity for weeks until the user logs into a banking app—potentially handing over sensitive credentials.
Ireland’s telecom regulator will roll out new measures to combat text message fraud starting July 3. Suspicious SMS sender IDs will be marked as “Likely Scam,” with unregistered IDs being blocked from October.
As the EU prepares to implement the updated Payment Services Regulation (PSR) and PSD3, which aim to modernise digital payment security and consumer protection, Irish banks continue to urge customers to be cautious, especially when downloading apps or responding to messages about their accounts.
“The app may be secure—but your phone might not be,” Davenport warned.
