Wednesday, January 31, 2007

Mobile banking a target for criminals?

The Tower Group recently produced a report highlighting the danger of mobile banking and how criminals will now start to target mobile banking users:

"The success mobile banking and payments, as well as the concept of the mobile wallet, will be measured against the industry's ability to effectively contain the malware problems to a level that is at least on par with that of the existing Internet channel", said Bob Egan, Chief Analyst at TowerGroup and author of the research.

Of course analysts must prove their worth by coming up with new thoughts in order to sell their reports. To label some of the ideas presented as "absurd" would be to complement the analyst. The best case in point is the fear created in humankind about the "Y2K-problem". This will probably go down in history as the biggest analyst scam ever.

To be able to write a full report on how criminals will target mobile banking users by means of "malware", is not on the same scale, but falls in the "Y2K" category. Sure, bad deployments of mobile banking solutions (especially if it is a porting of an Internet banking site onto a browser on a phone) may be exploitable. This is definitely possible, but will only be applicable if mobile banking was implemented without due consideration of state of the art techniques and by contracting professionals.

Because of the nature of mobile phones and the design available to specialists in mobile banking, it is possible to deploy mobile banking solutions that is more secure than any other means commercially available today. As a matter of fact, we at Fundamo have deployed the first three-factor authenticated banking solution commercially (it is being used successfully by a major bank). This means that a customer interaction is authenticated on "something he/she has" (the SIM card in his/her phone), "something he/she knows" (a PIN that is never in the clear), and "something he/she is" (a digital voice print).

In a recent test, we gave access to a professional hacker to a test environment running Fundamo software. The conclusion was that mobile banking (implemented correctly) is "un-hackable".

Mobile banking a target for criminals? - you be the judge.

No comments: