NEW YORK, Oct. 30, 2012 /PRNewswire/ — Reportlinker.com announces that a new market research report is available in its catalogue:
Mobile Banking Security provides an insight into the current state of mobile banking security. This 40+ page report analyses the importance of security for mobile banking and investigates how technology vendors and banks are deploying solutions to prevent fraud and identity theft.
SECURING THE MOBILE CHANNEL
This white paper from mobile security research and consultancy specialist, Goode Intelligence (GI) investigates how banks and other financial institutions are securing the mobile channel. There is a great opportunity for banks to benefit from the immediacy that smart mobile devices (SMDs) offer. However, there are significant risks in adopting these exciting new communication channels and these risks must be counteracted before consumers are confident in accepting them. This white paper compliments the GI Insight report, Mobile Banking Security.
BANKING GOES MOBILE
The rapid adoption of smart phones and tablets has not escaped the attention of business. Every type of organisation – from retailers to publishers and government departments – has produced their own apps for customers to download. And banks are no exception. They too have launched apps to allow customers the freedom to carry out the same range of transactions they would have previously conducted online from a Personal Computer (PC).
The reasons are not hard to see. Banks are targeting smart phone owners because they represent good business, being generally younger or more affluent. US research predicts that around 20 percent of Americans will be doing mobile banking by 2015. In other words, the same people who want the latest gadgets – smart phones and tablets – are the very people the banks want as customers. This trend should be welcomed by the banks. The mobile banking channel allows banks to deal more effectively and more directly with customers, and it also has the potential to be more secure than traditional online banking.
WHAT ARE THE RISKS?
While the current level of threat against the mobile channel is low compared to traditional PC-based communication, most experts agree that criminals will inevitably turn their attention to mobile banking as its usage grows. As the mobile device becomes the number one screen for our daily lives it conversely becomes an increased target for malicious activity. Mobile devices are increasingly being attacked.
IS MOBILE THE SECURE WAY FOR BANKING?
Goode Intelligence believes that the mobile banking channel has the potential to be more secure than traditional online banking.
Why is this?
One reason is that the individual device can double up as a security token. By registering a specific phone to the banking service, the authentication process can be simplified for the user who merely has to enter a private PIN of passcode to prove they are in possession of the registered phone.
Furthermore, smart phones have the potential to offer stronger authentication. Geolocation, voice recognition, built-in cameras and fingerprint readers could all be used, if required, to offer additional layers of security when authenticating users.
Most importantly, all these extra measures could be added without spoiling the user experience. It means that mobile banking can offer better security and better user convenience at the same time.
Recommendations for secure mobile banking
Goode Intelligence recommends that banks should follow these actionable steps to ensure that their customers are secure when banking on their mobile devices:
• Use the power of the mobile phone to create an encrypted communication channel between user and bank
o The phone’s “fingerprint” should provide one factor in authenticating the users (the PIN provides another)
• Consider using the other facilities on the phone for stronger authentication (biometrics, geolocation)
• Monitor apps stores for any rogue apps that purport to represent your company – and kill them quickly
• Introduce a plan for updating mobile banking apps
• Ensure that mobile banking apps are security tested
• Integrate mobile apps with other banking channels, so that security lessons learned in one channel benefit the others
• Educate users about system hygiene when upgrading their handset, and disposing of an old one
Introduction to Mobile Banking Security .3
Five years of rapid change 3
Banking goes mobile . 4
What about security? 4
Executive Summary 5
Smart phones can improve banking security 5
Potential pitfalls 6
Mobile Vulnerabilities . 6
Mobile malware on the rise and targeting banks . 6
How banks need to respond . 7
Market analysis 8
Business drivers for the banks 8
Convenience trumps security . 9
Ease of use is essential, but poor security is a “show stopper” 10
Mobile could be more secure . 10
Less malware . 10
Personal relationship to the device 11
Continuous connection . 11
Multi-factor Authentication and Verification (MFA/MFV) . 11
Regional Guide .14
The global rise of the mobile phone . 14
Africa . 15
Case study: South Africa . 16
Case study – Bank of America . 19
Europe . 20
Slovakia . 22
Australasia . 23
New Zealand . 23
Rest of the world . 24
Compliance and regulation 25
Shifting responsibilities . 25
Western Europe 26
Conclusion . 26
Dealing with the right person: Authentication . 27
Multi-Factor Authentication/ Verification (MFA/MFV) 28
The threat landscape 29
Building secure apps – and keeping them secure . 31
Test the whole system 32
How to keep apps secure 33
Handling high smart phone turnover 33
Broader considerations . 34
Goode Intelligence advice summary . 36
Technology vendors and service providers 37
Encap . 38
Entersekt . 40
Entrust . 41
Beating rogue apps . 43
Managing transaction risks across the channels 43
Future additions 44
Trusteer . 47
Related research / about Goode Intelligence 48
Appendix A: References .49
To order this report:
Email: [email protected]
Intl: +1 805-652-2626