Mobile Authentication – It’s Getting Scary Out There
With his new mobile banking app, a customer deposits a $500 check in his bank. He also deposits the same check in nine other banks within the same minute. He removes the money from all 10 accounts. Welcome to the new world of mobile banking fraud.
The increased sophistication of hacker attacks and the proliferation of mobile technology are creating serious problems for banking. Beyond questions of financial responsibility lie the dilemmas of customer safety, convenience and retention. Where are the tools to secure the environment? Where is the line of responsibility between bank and customer? At what level of authentication requirement do customers revolt and bolt?
Recent, seemingly contradictory court decisions have left bankers unclear as to their responsibility in online security. The Federal Financial Institutions Examination Council’s recent guidance still leaves open the question of bank vs. customer responsibility for financial safety. In spite of the lack of clarity, a couple of things are clear:
Being a Bank Chief Information Security Officer is getting a lot harder – Historically, identity fraud hasn’t been perceived as a big deal. We, Tower, and Javelin have made our thought leadership cases for greater concern, but thus far fraud losses haven’t been sufficient to induce behavioral change.
Unfortunately, that’s about to change with the explosive uptake of mobile banking. Stealing a phone beats stealing a wallet these days as it unlocks the bank vault. Passwords are saved on devices; two-factor is of little use in mobile. The darn things are easy to lose. Meeting channel strategy demands securely will be no small task.
Easier to Hack – Desktop or Phone? – Somehow the 2000s left everyone with the impression that security was a PC-only problem. Actually, hackers targeted PCs because that’s where the value was, not because it was more fun. Today’s hacker has moved beyond PCs to phones, laptop batteries, insulin pumps, and even nuclear enrichment centrifuges. Hackers are now focused on banking apps across all mobile platforms…some with notable success. The Register reports that Google has determined that “more than 90 percent of Android users are running older versions of the mobile operating system” and the security firm Alert Logic has found that older versions contain serious kernel vulnerabilities. “That gives attackers an easy way to bypass Android’s security sandbox, which is supposed to limit the data and resources each app is allowed to access.”
Windows PC systems have adapted by publishing browser and desktop upgrades that minimize the risks. Proprietary mobile operating systems make mobile a much bigger challenge since they don’t require upgrades for use.
By 2013 mobile phones will overtake PCs as the most common web access device worldwide. Mobile fraud continues to grow at a record level as passwords are ineffective. Online service providers need to protect themselves while simultaneously providing an increasingly innovative and convenient end-user experience.
Watch our next three articles for a walk-through of the two biggest problems in mobile identity protection and how a new authentication approach could be the remedy.