"Brandon McGee, Industry Insider, Mobile Banking Guru...He is not only the real deal, a genuine industry insider, but also knows exactly what's on the minds of financial service pros as they contemplate the various mobile options." - Jim Bruene, Publisher & Founder, Online Financial Innovations

"Going Mobile. Local executive carves niche as national expert on fast-growing banking-industry technology trend" - Scott Olson, Indianapolis Business Journal (IBJ)

"Brandon McGee, the industry's unofficial ambassador for mobile banking" 

Sunday, July 17, 2011

Mobile Banking Security

How to Build a Secure Mobile App
"As is the case with any delivery channel, security is at the forefront for banks as they rush to deploy or enhance mobile banking apps in the fast-growing smartphone market. And while many banks' mobile apps limit customers to basic functions -- checking account balances and transaction histories, finding a branch or ATM location, and initiating transfers -- a new wave of apps is bringing person-to-person payments, remote deposit capture and bill pay to the mobile channel. Simply, the apps are getting smarter and more capable. But with those capabilities comes the potential for greater threats."

Mobile Banking Phishing Malware Comes To Android, Removed From Market
"The international cybercrime ring known as Zbot or ZeuS and the creators of the ZeuS toolkit are back, this time targeting Android users. The ZeuS toolkit is bank information stealing malware that has already come to Symbian, Windows Mobile and Blackberry in the form of a trojan. The ZeuS team has created a survey form that installs malware on your phone once you take the survey that is supposedly from a security company called Trusteer."

Mobile banking apps lead to new security issues
"When it comes to mobile banking via apps, it's pretty clear that security professionals need to embrace a whole new mindset. No longer can they be content to confine themselves to such well-known "technologies" as Trojans, bots, phishing methods and the like. They need to understand that the emerging face of fraud will offer whole new challenges."

Aussie banks divided over mobile security education
"Some of the big four banks are divided over claims by a National Australia Bank (NAB) fraud specialist that more needs to be done to educate customers about the risks of banking using mobile devices.

Speaking during a roundtable at the Banktech conference in Sydney this week, NAB head of fraud operations and investigations, Grant Baxter, said educating consumers was an "absolute challenge" for the bank because some customers did not understand the capabilities of their smartphone and their handset's level of security."

Mobile Banking Gets Riskier
"'Digital wallets' that let consumers pay with the swipe of a smartphone could make the plastic credit card obsolete. But the technology also could chip away at consumers' privacy—and tempt them to spend more than they otherwise would.

Using a technology known as 'near-field communications,' or NFC, consumers will be able to buy items simply by passing their phones in front of a sensor at the checkout counter. Though NFC isn't available in many phones yet, a number of companies, including Google Inc., are close to rolling out programs."

Jailbroken phones not safe for banking
"Fraud experts have called on the finance industry to consider banning connections to online banking services from jailbroken devices, as the sector struggles to handle rising levels of electronic fraud.

While insecure transaction processes contributed significantly to electronic fraud, financial institutions were fearful of insecure mobile platforms. They were most concerned about users who jailbroke their devices, a process which granted user access to the device's root directory, allowing them to install applications and trigger settings not vetted by Apple."

Safer mobile transactions
"Last week ("More on biometrics") I recommended "biometric recognition as well as using passwords and SMS codes" for more secure mobile banking transactions. Long time reader Patrick O'Kane (he's chief architect for identity and access management services at Unisys) pointed me to a solution that does just that.

IdentityX, from Reston, Va.'s Daon, claims that using your smartphone, it can enable you to securely establish your identity through a combination of encryption, PIN entry, location-based technology, and biometrics such as voice, face and palm image matching. The company further claims that IdentityX is a fully mobile, private and cost-effective solution that allows you to set the level of security for each type of transaction -- thereby tuning the balance of convenience and security."

Mobile Banking Fraud Part #2: Fraud Detection Essentials
"In an earlier post, I discussed vulnerabilities associated with mobile devices that drive up fraud risk for banking and payments made through these devices. These range from malicious apps, to network security issues, to targeted man-in-the-middle attacks. So, what can be done to counteract these vulnerabilities?

One option is to look to fraud detection residing on the mobile itself. You could monitor phone behavior patterns—in terms of calls made, time/day of week patterns, apps accessed, and browser behavior—to determine whether there is a change in usage patterns indicative of someone else using the phone or a malicious app."
