Sunday, April 18, 2010

Identity theft and the opening of mobile banking accounts

This blog entry was triggered by a research report produced by Javelin on financial fraud in the US (read here). What caught my eye was that a measurable number of fraudulent transactions could be attributed to opening fraudulent mobile banking accounts.

I suppose this is a new hole where a fraudster can use a phone to connect a phone login to an existing bank account and in this way get access to the funds in the bank account. Mobile banking is at its most vulnerable at the point of registration. It is important to ensure that the very high security available on mobile phones not be compromised by a weak registration process.

The best way to ensure that a bank account is not compromised is to allow only "over-the-counter" registration: a client can be registered for mobile banking only after a bank employee has verified ID documents. This is of course an expensive process, and a complex one from the client's perspective. Another mechanism is to use the ATM network to perform mobile banking registrations. This is a secure way, as the registration would require the card to be present and the PIN selection can be transmitted in a very secure way.

Yet many banks cannot deploy these mechanisms and often allow clients to register online. This means that the registration process is much weaker (because of the limitations of the Internet). This is the weak link in connecting a phone to a bank account. If there is a need to allow mobile banking registration on the Internet, fraudulent registrations will occur.

1 comment:

newideasconsult said...

I agree with your view on the matter. In my own experience this remains a sticky issue to say the least. The balance between secure account registrations and customer convenience may yet see some significant breaches in the near future. I would add micro payments and remittances by phone in the mix too. Both may suffer from the same issue when the phone is linked to a pre-existing account to enable transactions.