Last week, we received a tremendous comment/question from one of our readers, an officer in the risk-management department at a very large U.S. financial institution. His question, “I may have overlooked it, but did not see too much discussion around mobile banking fraud threats, such as mobile malware and smishing. Are these threats real? If so, what controls are financial institutions putting in place to mitigate these risks? Are there other mobile banking risks on the horizon?”
That's a great question. Yes, threats of malware are real, and I expect to see the number of attacks grow exponentially greater over the next 18 months. However, so far only a handful of attacks have been recorded. See Wikipedia for a listing of mobile viruses.
The next question, “What controls are financial institutions putting in place?” The majority of financial institutions with mobile banking are using a vendor product; therefore, they are relying on the tools built in to the solution. In my previous entry on the subject (see Mobile Banking), I explained that after reviewing solutions from numerous vendors I believed they all had done a top-notch job making information security the number one priority. So, unless you are going to follow Bank of America and Wells Fargo down the path of an in-house WAP solution, you should find that the vendor has already addressed the issue on your behalf (see note 1).
That said, there is one HUGE security risk not receiving the attention it deserves and that is – THE CUSTOMER. As with online banking, the most critical element in reducing fraud is to simply educate the customer. Education can take a number of forms, including awareness campaigns, security checklists, recommended settings, and providing examples of how other clients have been deceived.
One good resource is the Microsoft page:
“Help avoid computer viruses that spread over mobile devices” Also, there are a number of companies already providing mobile antivirus security software including (note 2):
Bullgard
MyMobiSafe
Symantec
UMU
AirScanner
Kaspersky
F-Secure
Trend Micro
And as my Apple friends already know, the iPhone utilizes the OS X platform. While there is no guarantee, the accepted belief is that viruses are not an issue for Apple and that security software is not needed (note 1).
I hope this provides a better understanding of the mobile security environment. I encourage others to comment or send questions.
Brandon McGee is vice president and senior product manager at The Huntington National Bank. He is not only the real deal, a genuine industry insider, but also knows exactly what's on the minds of financial service pros as they contemplate the various mobile options. For more great content, check out his blog, Mobile Banking.
Notes:
(1) This is an opinion and not an implied guarantee of security or performance.
(2) This is in no way an endorsement of the product(s) or guarantee of performance. These were the top search results for the keywords “mobile antivirus security.”
RSS Subscribe
Last week, the Puget Sound Business Journal reported on a Pacific Northwest stealth startup that's receiving a lot of attention from Silicon Valley, at least measured in dollars. The $10 million round for Finsphere is an impressive endorsement, especially given the apparent involvement of prominent VC Mohr Davidow. 
