However, considering that this is a hot topic, I would like to make the following comments:
- It is important to balance the implementation of security with usability. There is no use in having sterling security if it is implemented in such a way that the system is difficult to use.
- The first objective of mobile banking security is to provide consumer protection. Consumers must have the confidence that their money cannot be stolen. This can be achieved via secure authentication, but it would be best if it were backed up by some kind of guarantee.
- Fraud is most often perpetrated by employees (or sometimes even management) who steal from the company. Good business processes and segregation of duties are critical to ensure that these types of fraud do not occur.
- Security is more relevant when things go wrong. The criminally minded often design fraudulent attacks around the elements of the system that come into play when a phone stops working or when a PIN is forgotten. It is important to give sufficient attention to designing security into these business processes.