Friday, 24 April 2009

Is mobile banking really secure?

With mobile banking transactions tipped to rise from 2.7 billion annually in 2007 to 37 billion by 2011, security experts are warning of the security risks associated with new mobile banking and payment channels.

Every time a bank opens up a new channel to customers, it presents new opportunities for fraudsters. Anti-fraud software provider, 41st Parameter, claims that users have good reason to be sceptical about the security of mobile banking transactions.

Ori Eisen, founder and chief innovation officer at 41st Parameter, says transactions between a mobile device and the bank are not as well-guarded as internet transactions as they only use basic identification and verification checkpoints.

According to Eisen, mobile banking systems are not able to determine whether a device accessing its mobile banking site is a mobile device, PC or laptop.

"Mobile banking touch points are easier to gain access to as they don’t have the security layers that internet sites do. Because fraudsters are able to mimic the appearance of a mobile device as easily as they can a PC or laptop, they are capable of infiltrating an unsuspecting bystander’s mobile banking account," writes Eisen in a white paper entitled: Mobile Banking - An Easy Target for fraud?

Eisen maintains that a multi-layered approach to security incorporating a firewall, password and encryption barriers and real-time tracking that identifies devices that were initially refused admission to a site and have changed their identity to try and gain access, is the best way of securing mobile banking transactions.

In addition to the information (credit credentials and personal identity) that is typically used to authenticate an individual, Eisen says Client Device Identification (CDI) goes beyond simple user names and passwords to detect suspect mobiles at device level. CDI can differentiate a device visiting a site regardless of the credentials presented or the IP address.

No comments: