
Mobile Banking Apps, Smart Phones and Security

As with any application, how the app was conceived, built, tested and rolled out determines its robustness in the security world.

There is a long process for the development of an application, with many pitfalls to be avoided and many security advancements that have to be built in and tested.

The platform the application will run on (Windows, WebOS, Blackberry, Apple, etc.) is often the driver of any security concerns. As well, a rush to be the first to launch and time constraints on the launch all have a bearing on just how well an application can be vetted and tested.

Next, the adoption of mobile technology in the back office by Financial Institutions will be a major hurdle. Security protocols and application compatibility with an already complex IT infrastructure will require time and planning to accommodate all of the competing stakeholders. Banks now have more than ten years of experience with Internet Banking and have learned to manage those risks. Banks are rushing to fix security holes in their Apps, which for the most part concern how the Phone retains data after a transaction. Most banks have less experience with mobile services and their attendant risks, and so the risks are amplified by what the banks simply haven't learned yet.

Mobile Banking is not the same as Mobile Payment with a Smart Phone. Applications already exist that can communicate with a Point of Sale and make payments as well as track payments. Mobile Payment is, in most cases, a WiFi (802.11) or Bluetooth connection to a device in the store (a smart reader) that makes a credit card or debit card transaction. The Phone is a credit card, and these apps have their own security issues.

Mobile Banking is paying your utility bill from your account at the bank with a Smart Phone. The connection to the bank is made through a wireless carrier (ATT, Sprint, Rogers, Bell) and your phone logs into your account at the bank. This is done through an Internet protocol that is secure (HTTPS). That sounds like Telephone Banking, but it is much more complex.

Mobile Banking and Mobile Payment rely on "Two Factor Authentication" (something you have and something you know). The something you have is your bank card number. The something you know is your PIN number.

Mobile Internet Banking puts a third authentication into the mix. That is Secure Socket Layer Authentication (SSL). SSL is the encryption layer that the Internet Protocol uses to keep the whole transaction Secure and Safe.

Secure Socket Layer for a Mobile App is in its infancy as of now, and implementing SSL into an App must be done with care and thoroughness.


In general, if you are using a mobile financial services app, it's a good idea not to save your password in the app. Also, it's more secure to use the app over your wireless carrier's network, rather than on an open Wi-Fi network. And, of course, remember to lock your phone with a security code or pattern.

Use Apps from trusted sources for Mobile Payment: Apps from Banks, PayPal, and Credit Card Companies. Apps from retailers may have dangerous security holes.