This year will be the year when new mobile banking and
payment initiatives will be increasingly targeted by those engaged
in fraud and identity theft.
The prediction comes from financial services advisory firm
TowerGroup, as banks increasingly view the
mobile phone or other device as a potential credit or debit
card.
Visa, for instance, is currently conducting trials for mobile
payments enabled between a mobile phone and point of sale
terminals.
While most mobile phones are potential targets, smart phones and
wireless PDAs are particularly attractive to fraudsters given their
advanced capabilities to support PC-like applications including web
browsing and instant messaging, said the consultant.
From research it has conducted, TowerGroup believes that current
mobile commerce initiatives emerging from the financial services
industry “lack a reasonable and justifiable focus on mobile
malware“.
Bob Egan, an analyst at TowerGroup, said, "The success of mobile
banking and payments, as well as the concept of the mobile wallet,
will be measured against the industry's ability to effectively
contain malware problems to a level that is at least on par with
that of the existing internet channel.”
Egan said, “Over 200 mobile viruses have already been
identified, a number that is doubling nearly every six months. Now
is the time for IT managers and line of business heads within
institutions to take action to protect both their companies and
customers from mobile malware."
To protect themselves, TowerGroup recommends that firms must
create enforceable policies regarding mobile usage, that are
communicated to employees, including what type of mobile downloads
are safe and allowable.
Wireless carriers serving an institution must also install and
monitor mobile safeguards; and the use of personal mobile phones
that can be used for corporate activities should be restricted,
mirroring the security and protocols now in place for PCs.
Firms must also evaluate which combinations of network and
device based security solutions represent the right fit for the
institution - and prioritise their deployment.
Egan said, "IT managers must examine extending their existing
malware and virus security initiatives to include mobile phones.
Likewise, the mobile commerce industry beyond financial services
players must step up to take more aggressive and immediate actions
to circumvent the potential of fraud and theft.
“To ensure that the mobile banking and payments channel will
ultimately thrive, there is no time to waste in getting ahead of
the malware challenge," he said.
The Big Question: Do you ever link your gadgets
to the corporate network?
Mobile network security
Comment on this article:
computer.weekly@rbi.co.uk