Banks Offering Mobile Payment Services Must Wake up to the Threat of Malware Viruses
Banks Offering Mobile Payment Services Must Wake up to the Threat of Malware Viruses
  • Korea IT Times
  • 승인 2010.07.07 09:12
  • 댓글 0
이 기사를 공유합니다

A new report* by the independent technology analyst states that banks should work with mobile network operators and handset vendors to improve security. In addition, they should plan for living with malware and always assume the possibility of an attack. 


Graham Titterington, principal analyst at Ovum and report co-author, believes doing nothing is not an option.


He said: "Mobile banking is inherently vulnerable. Mobile devices may be lost, stolen or hacked and are used in situations that are inherently less secure than sitting in an office or at a home computer.


"Mobile networks may be intercepted either by breaking the wireless encryption mechanism or by hacking into the wired backbone of the network where encryption is not mandatory under telecommunications standards. IT malware that compromises back-end servers, but is harmless in the wireless environment, may be passed through the mobile banking interface."


Ovum believes defence has to design incrementally to a level that is at least equivalent to that deployed in Internet banking. However, mobile security must not be simply a copy of Internet security. While many of the concerns and strategies are similar, the approach must be tailored to the characteristics of the channel and the way in which it is used.


In addition, security must not detract from usability. Ovum believes security must be unobtrusive enough not to interfere with normal transaction flows, but at the same time provide users with the confidence to know that their banking activities are protected.


"Banks must adopt a 'defence in depth' strategy to detect and limit the effects of an attack", said Titterington. "Network vulnerabilities can be avoided by adopting end-to-end encryption of transactions, independent of any encryption provided by the network operator.


"The main objection to this in the past has been the limited computational power of the mobile device, but the time has come to reject this argument as mobile devices become more powerful. Encryption, while not a panacea, protects against eavesdropping, message alteration, and 'man-in-the-middle' attacks."


The report adds that banks should be particularly rigorous in checking the creation of new payment mandates, while emphasising ease of use when making further payments using an existing payment instruction. It recommends that banks should consider offering to reverse payments made in error, as they do with direct debit payments, even if fraud is not proven.

 

SOURCE: OVUM

 

* The report is entitled The malware threat to mobile banking.


댓글삭제
삭제한 댓글은 다시 복구할 수 없습니다.
그래도 삭제하시겠습니까?
댓글 0
댓글쓰기
계정을 선택하시면 로그인·계정인증을 통해
댓글을 남기실 수 있습니다.

  • #1206, 36-4 Yeouido-dong, Yeongdeungpo-gu, Seoul, Korea(Postal Code 07331)
  • 서울특별시 영등포구 여의도동 36-4 (국제금융로8길 34) / 오륜빌딩 1206호
  • URL: www.koreaittimes.com / m.koreaittimes.com. Editorial Div. 02-578-0434 / 010-2442-9446. Email: info@koreaittimes.com.
  • Publisher: Monica Younsoo Chung. Chief Editorial Writer: Kim Hyoung-joong. CEO: Lee Kap-soo. Editor: Jung Yeon-jin.
  • Juvenile Protection Manager: Yeon Choul-woong. IT Times Canada: Willow St. Vancouver BC, Canada / 070-7008-0005.
  • Copyright(C) Korea IT Times, Allrights reserved.
ND소프트