Banks face mobile virus threat

How safe is mobile banking?

As more and more people use their mobile phones for every part of their lives, including banking, so the threat of mobile viruses becomes even bigger - especially to banks.

Analyst house Ovum has therefore warned that banks who offer m-payment services need to make sure that their relationship with mobile network operators and handset manufacturers ensures tighter security so as to clamp down on potential virus and malware threats.

In their warning to banking institutions, Ovum states that the very concept of mobile banking is inherently vulnerable because "handsets are liable to be lost, stolen or hacked" and are "used in situations that are less secure than sitting in an office or at a home computer".

Graham Titterington, principal analyst at Ovum said, speaking to Finextra, that "Mobile networks may be intercepted either by breaking the wireless encryption mechanism or by hacking into the wired backbone of the network where encryption is not mandatory under telecommunications standards. IT malware that compromises back-end servers, but is harmless in the wireless environment, may be passed through the mobile banking interface."

Defence systems

Not one to unduly alarm banks, Ovum have said that any defence system implemented by financial institutions needs to be at a level that "is at least equivalent to that deployed in Internet banking but it cannot be a simple copy".

Any anti-malware system must be tailored to the appropriate "characteristics of the channel" and the way in which it is used. In the same way, Ovum warn that security must not "detract from usability", meaning that it does not interfere with general transaction action flows while protecting customers' activities.

"Banks must adopt a 'defence in depth' strategy to detect and limit the effects of an attack. Network vulnerabilities can be avoided by adopting end-to-end encryption of transactions, independent of any encryption provided by the network operator," Titterington said.

"The main objection to this in the past has been the limited computational power of the mobile device, but the time has come to reject this argument as mobile devices become more powerful. Encryption, while not a panacea, protects against eavesdropping, message alteration, and 'man-in-the-middle' attacks."

Relevant articles:

MasterCard introduces LCD display cards | World Cup 2010: the unforeseen security risks | RBS loses £93,000 in simple scam

Like this article? Get the RSS feed: