1. In April of this year the FFIEC published new guidance focused on Mobile Financial Services (MFS). The guidance identifies the high level of risk associated with mobile devices compared to browsers on Personal Computers. In section AppE.3.b(iii), Mobile Application Risk, the guidance points out how vulnerable mobile devices are due to the bank’s lack of ability to control the customer’s mobile devices and the lack of security controls on those devices, such as verification of anti-malware software and a lack of anti-phishing and anti-cross-site scripting (anti-XSS) capabilities to filter out the malicious code from websites; mobile-enabled browsers do not always have such features. The guidance also discusses how easy it is to hack a mobile device and steal personal financial data such as credit card numbers that can be used for Online Card Not Present (CNP) transactions and replicated on Near Field Communication (NFC) devices such as smartphones by criminals for fraudulent POS transactions.

    Man-in-the-middle software is the leading malware that intercepts the customer’s password and User ID to their account and then uses that information for Account Takeover Fraud, Fraudulent Wire Transfers and Online Card Not Present (CNP) fraudulent transactions. If you can replace static passwords with encrypted hardware and software tokens and implement end-to-end encrypted communications, you prevent malware from intercepting all communications and now you do have control of who is accessing your systems and how that access is being protected.

  2. Jim Marous says:

    I think some of the most important advances in mobile banking in 2016 will be the elimination of traditional passwords and the integration of dual authentication processes that combine the importance of security with the desire for simplicity. Hopefully, there will be rapid uptake of some of the new biometric and token-based innovations before organizations find out the weaknesses of current systems. I also believe that the potential for risk (or loss) will be the tipping point for the conversion of card use to mobile banking use for payments. Time will tell.
