Mobile banking vulnerability highlighted
20 Jul 2010:
Analyst firm Ovum has warned of the need to improve security collaboration.
A report by Ovum, entitled The Malware Threat to Mobile Banking, also calls for more collaboration, saying that banks providing m-payment services need to begin working with mobile network operators and handset manufacturers to enhance security measures ahead of an anticipated explosion in malware threats.
The analyst firm believes that mobile banking and payments is inherently vulnerable because handsets can be stolen, lost or hacked more easily because they are used in situations that are typically less secure than an office or household computer. This is why the report’s author Graham Titterington, is calling for banks, network and device vendors to cooperate more fully, perhaps emphasising better encryption to stop ‘over the air’ mobile hacking and better keypad locking techniques and so forth. He also emphasises this is not just an end user issue, warning that malicious software could infect a bank’s entire operations, via the mobile channel, unless security is enhanced. “IT malware that compromises back-end servers, but is harmless in the wireless environment, may be passed through the interface,” he said, adding that mobile phones had become powerful enough to constitute a standalone security threat to entire IT architectures.
Ovum advises that layered defences have to be designed to a standard that is at least equivalent to that presently deployed for internet banking, but these security measures should not just be a simple copy and should be specific to the mobile channel and its characteristics without impairing end user usability. Quite a challenge then, but better encryption and cooperation is a good place to start.
For the full report, please see FSTech Magazine
Leave a Reply