PaymentsJournal
SUBSCRIBE
  • Analysts Coverage
  • Truth In Data
  • Podcasts
  • Videos
  • Industry Opinions
  • News
  • Resources
No Result
View All Result
PaymentsJournal
  • Analysts Coverage
  • Truth In Data
  • Podcasts
  • Videos
  • Industry Opinions
  • News
  • Resources
No Result
View All Result
PaymentsJournal
No Result
View All Result

Best Practices in Wireless and Mobile Security

Kristen Jason by Kristen Jason
March 3, 2016
in Industry Opinions
0

Woman's hand holding a smart phone.

0
SHARES
0
VIEWS
Share on FacebookShare on TwitterShare on LinkedIn

Addressing the Unique Security Challenges Mobile Devices Present

Mobile devices are introducing unprecedented improvements in convenience. However, mobile devices also present a unique set of security requirements and challenges. Mobile devices are the 21st century wallet – the ultimate in convenience for banking, shopping and entertainment. Since mobile devices contain a wealth of information, they are target rich, and hence attractive for fraudsters.

FFIEC has issued guidance on using multi-factor authentication to financial institutions for all forms of electronic banking and payment activities, including mobile banking. Multi-factor authentication uses a combination of something that the user knows (password), something that the user possesses (mobile device) or something that is inseparable from the user (biometrics). Multi-factor authentication systems is ideal of course to have a high level of security with ease of access, and transparent to the end user and not delivered to the device. A second or third layer of authentication to login makes an attack harder. But the challenge is to make an attack difficult for fraudsters without making the consumer experience unpleasant.

An example of striking this balance is the D+H Mobile Banking App. Joan Owens, product manager for the D+H Channel Solution, says “Our Mobile Banking App uses a mobile device registration process to achieve multi-factor authentication. Subsequent access to the mobile app requires only the login and password and the same device used to enroll.” In addition to multifactor authentication, Mobile Banking App security features include SSL encryption, compliant Device ID, mobile fraud risk prevention, entitlements, optional pin and debit card lock.

When it comes to data storage, community banks and credit unions need to ensure their banking apps do not store customer information, such as usernames and passwords on the mobile device. According to Sean Darragh, VP of security at Malauzai Software, “Mobile devices should be considered ‘compromised’ from a design perspective. Sensitive data such as credit card numbers, social security numbers, etc. if necessary should only live in session, and should NOT persist to the device. If data is not stored securely, then sensitive data can be retrieved from a device fairly easily as mobile devices have the propensity to ‘leak’ information due to users allowing overly permissive apps.” For example, apps that have a marketing bent, or allow in-app purchases usually ask for access to things they don’t need to function such as document management storage, use accounts on the device, or full network access. If a user grants such permissions, then the app can add or remove items from storage or see all the accounts on your device. In sum, the device would then leak information to apps that don’t specifically need it because the user has granted access to the app. Fortunately, Mobile Banking App does not store sensitive information on a device. If the FI chooses, the username can be stored, but all other information only exists for the length of the session.

So what happens if a mobile device is lost or stolen? Bank administrators need the ability to deactivate their apps on individual devices and force consumers to re-authenticate prior to assessing account information. Mobile Banking App features SAMI – an application management system designed to provide remote device and application management. Financial institutions can track devices running the Mobile Banking App, disable the app remotely if necessary, and send push notifications to the devices. The consumer can take action as well, including contacting his or her financial institution to report the missing device, and his or her mobile carrier to suspend service, as well as taking advantage of recovery apps on the market to help track lost devices. For example, Android users can take advantage of Google’s Android Device Manager to track phones/tablets that do not require an app to be installed. Customers can also use their mobile operating systems to track and wipe their devices if necessary, which is a capability that should be configured upon device setup. Being able to wipe data is crucial – customers may not even remember what they accessed on their phone over time. Any data stored on a device, even personal contacts, can be very dangerous in the wrong hands. Confidential information, emails, text messages, and browsing history, when compromised, can be used to commit illegal activities such as identity theft, and fraud.

Overall, having a strong focus on innovation with mobile banking is key, but it is important to integrate secure practices all along the way.

Tags: Fraud Risk and AnalyticsMobile Payments
0
SHARES
0
VIEWS
Share on FacebookShare on TwitterShare on LinkedIn

    Analyst Coverage, Payments Data, and News Delivered Daily

    Sign up for the PaymentsJournal Newsletter to get exclusive insight and data from Mercator Advisory Group analysts and industry professionals.

    Must Reads

    eCommerce On Social Media, social commerce

    The Rise of Social Commerce and Social Payments

    February 3, 2023
    Electroneum AnyTask; ETN Crypto, sales enablement

    Ethical Financial Selling: The Role of Compliance Technology and Sales Enablement

    February 2, 2023
    direct deposit

    Nacha Launches Campaign to Reach Millennials on the Benefits of Direct Deposit

    February 1, 2023
    Equinix Helps UK-Based Payments Provider Enable Faster, More Reliable Payments Processing

    Equinix Helps UK-Based Payments Provider Enable Faster, More Reliable Payments Processing

    January 31, 2023
    credit card tumbling

    How to Detect, and Prevent, Credit Card Tumbling

    January 30, 2023
    Why Businesses Need to Adopt Real-Time Payments as a Competitive Differentiator

    Why Businesses Need to Adopt Real-Time Payments as a Competitive Differentiator

    January 27, 2023
    faster payments

    Faster Payments Are Set to Revolutionize Modern Digital Payments

    January 26, 2023
    How AI can Help Manage Payments Risk in 2023

    How AI can Help Manage Payments Risk in 2023

    January 25, 2023

    • Advertise With Us
    • About Us
    • Terms of Use
    • Privacy Policy
    • Subscribe
    ADVERTISEMENT
    • Analysts Coverage
    • Truth In Data
    • Podcasts
    • Videos
    • Industry Opinions
    • News
    • Resources

    © 2022 PaymentsJournal.com

    • Analysts Coverage
    • Truth In Data
    • Podcasts
    • Industry Opinions
    • Faster Payments
    • News
    • Jobs
    • Events
    No Result
    View All Result

      Register to download the Equinix report - Dojo Delivers Fast, Reliable and Secure Card Payments to Businesses on Platform Equinix