- Language: English
- Published: May 2012
Mobile Banking Security
- Published: October 2012
- 49 Pages
- Goode Intelligence
‘Mobile devices do create new risks, but they can also help to make online banking considerably more secure.'
Ron Condon: Author and Senior Analyst, Goode Intelligence.
Mobile Banking Security provides an insight into the current state of mobile banking security. This 40+ page report analyses the importance of security for mobile banking and investigates how technology vendors and banks are deploying solutions to prevent fraud and identity theft.
Features Interviews with Leading Stakeholders Including: KPMG, Trusteer, RSA, Entersekt, Entrust, SecurEnvoy, ISACA, Encap, Monitise
Who should read this report?
This report is aimed at banks implementing mobile banking solutions and solution providers that are enabling secure mobile banking services to be built. This includes banks, technology vendors, mobile phone OEMs, mobile network operators/carriers, trusted service providers, security professionals and investors.
Introduction to Mobile Banking Security
Five years of rapid change
Banking goes mobile
What about security?
Smart phones can improve banking security
Mobile malware on the rise and targeting banks
How banks need to respond
Business drivers for the banks
Convenience trumps security
Ease of use is essential, but poor security is a “show stopper”
Mobile could be more secure
Personal relationship to the device
Multi-factor Authentication and Verification (MFA/MFV)
The global rise of the mobile phone
Case study: South Africa
Case study – Bank of America
Rest of the world
Compliance and regulation
Dealing with the right person: Authentication
Multi-Factor Authentication/ Verification (MFA/MFV)
The threat landscape
Building secure apps – and keeping them secure
Test the whole system
How to keep apps secure
Handling high smart phone turnover
Goode Intelligence advice summary
Technology vendors and service providers
Beating rogue apps
Managing transaction risks across the channels
Related research / about Goode Intelligence
Appendix A: References
Can Banks Get Security Right For The Mobile Banking Channel?
Goode Intelligence has reported that the mobile banking channel has the potential to be more secure than traditional online banking.
“Mobile devices do create new risks but they can also help to make online banking considerably more secure”, said Ron Condon, report author and senior analyst at Goode Intelligence.
In its new report Mobile Banking Security, Goode Intelligence provides an insight into the current state of mobile banking security. This 50+ page report analyses the importance of security for mobile banking and investigates how banks, with the help of their technology partners, are deploying solutions to prevent fraud and identity theft.
The report shows that there is a great opportunity for banks to benefit from the immediacy that smart mobile devices (SMDs) offer. However, Goode Intelligence believes that there are still significant risks in adopting these exciting new communication channels and that they must be counteracted before consumers confidently accept them.
With the rise in mobile malware and cases of bank Trojans attacking mobile-based authentication solutions, banks must be vigilant and offer their customers a blend of security combined with excellent user experience.
Condon believes that the key to successful adoption for mobile banking services is a stellar user experience: “Heavy-handed security measures can often spoil the mobile user experience. Take authentication. If the bank customer has to use a hardware token to provide strong two-factor authentication (2FA) to access their banking service on a mobile device than this can completely destroy the user experience and lead to frustration. Security must blend in with the mobile banking experience.”
According to Goode Intelligence, banks should adopt a number of measures to ensure that adequate security controls are integrated into the heart of their mobile banking strategy; these include:
- Consider using the in-built features of a mobile device for stronger multi-factor authentication and verification (MFA/MFV), including biometrics, behavioural analysis and geolocation
- Monitor apps stores for any rogue apps that purport to represent your company and kill them quickly
- Introduce a plan for updating mobile banking apps
- Ensure that mobile banking apps are security tested
- Integrate mobile apps with other banking channels, so that security lessons learned in one channel benefit the others
- Educate users about system hygiene when upgrading their handset, and disposing of an old one
Ron Condon is an experienced IT professional and journalist. He has edited daily, weekly and monthly publications, and has written for national and regional
newspapers, in Europe and the US. In recent years, he has focused on information security, and is a former editor-in-chief of SC Magazine and most recently was UK Bureau Chief of SearchSecurity.co.uk.