The Digital-Safety Risks of Financial Technologies for Survivors of Intimate Partner Violence
Published in 32nd USENIX Security Symposium, 2023
Digital technologies play a growing role in exacerbating financial abuse for survivors of intimate partner violence (IPV). While abusers of IPV rarely employ advanced technological attacks that go beyond interacting via standard user interfaces, scant research has examined how consumer-facing financial technologies can facilitate or obstruct IPV-related attacks on a survivor’s financial well-being. Through an audit of 13 mobile banking and 17 peer-to-peer payment smartphone applications and their associated usage policies, we simulated both close-range and remote attacks commonly used by IPV adversaries. We discover that mobile banking and peer-to-peer payment applications are generally ill-equipped to deal with user-interface bound (UI-bound) adversaries, permitting unauthorized access to logins, surreptitious surveillance, and harassing messages and system prompts.
To assess our discoveries, we interviewed 12 financial professionals who offer or oversee frontline services for vulnerable customers. While professionals expressed an interest in implementing mitigation strategies, they also highlighted barriers to institutional approaches to intimate threats, and questioned professional responsibilities for digital safety. We conclude by providing recommendations for how digital financial service providers may better address UI-bound threats, and offer broader considerations for professional auditing and evaluation approaches to technology-facilitated abuse.
Recommended citation: Bellini, R., Lee, K., Brown, M. A., Shaffer, J., Bhalerao, R., & Ristenpart, T. (2023). The Digital-Safety Risks of Financial Technologies for Survivors of Intimate Partner Violence. In 32nd USENIX Security Symposium (USENIX Security 23) (pp. 87-104).