As Bank Systems & Technology detailed in our Sept. digital issue, the rise of mobile banking will inevitably lead to a rise in fraudsters' interest in the mobile channel. Malware attacks are already showing up in the mobile space. Fortunately, there are a number of security attributes inherent in modern mobile devices that have the potential to make the mobile channel more secure against fraud than the online channel has been. Sridhar Solour, director of mobility and cloud services at HP, says he is confident that these mobile security features will make life much more difficult for those looking to hack mobile devices for banking information. Solour gave BS&T an overview of some of the security features that mobile devices provide that can repel fraud attacks. He broke those features down into five security attributes of today's mobile devices: context, tactile interface, sensors, cloud and social media.
"It [the mobile device] knows where you are at all times," Solour says. Although that may sound a little creepy at first, consumers should feel reassured that the geo-location abilities on their smartphones will make it easier to detect fraud in the future. That geo-location ability is a simple authentication tool that can go a long way in helping to detect fraudulent charges. "If you're making a transaction in California and then four hours later there is a transaction in the account originating from Sofia, Bulgaria, the mobile device can be used to alert the customer to this," Solour explains. Although a few years ago customers may have been hesitant about the idea of their bank using the GPS on their phone to track where they are, almost every app on today's smartphones asks for permission to track the customer's whereabouts, and consumers are getting more comfortable with giving that permission.
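The California-then-Sofia scenario is what fraud teams usually call an impossible-travel check. The sketch below is an added example, not code from HP or from the article; the event field names, the 900 km/h speed ceiling, the 50 km jitter floor and the sample coordinates are all assumptions constructed for illustration.

```python
import math
from datetime import datetime, timezone

EARTH_RADIUS_KM = 6371.0
MAX_PLAUSIBLE_KMH = 900.0  # assumed ceiling: roughly airliner cruising speed
MIN_DISTANCE_KM = 50.0     # assumed floor: ignore GPS / IP-geolocation jitter

def haversine_km(lat1, lon1, lat2, lon2):
    """Great-circle distance between two latitude/longitude points, in km."""
    p1, p2 = math.radians(lat1), math.radians(lat2)
    dlam = math.radians(lon2 - lon1)
    a = math.sin((p2 - p1) / 2) ** 2 + math.cos(p1) * math.cos(p2) * math.sin(dlam / 2) ** 2
    return 2 * EARTH_RADIUS_KM * math.asin(math.sqrt(a))

def impossible_travel(events, max_kmh=MAX_PLAUSIBLE_KMH):
    """Flag consecutive events on one account that imply an implausible speed."""
    alerts, last_seen = [], {}
    for ev in sorted(events, key=lambda e: e["ts"]):
        prev = last_seen.get(ev["account"])
        last_seen[ev["account"]] = ev
        if prev is None:
            continue
        km = haversine_km(prev["lat"], prev["lon"], ev["lat"], ev["lon"])
        if km < MIN_DISTANCE_KM:
            continue
        hours = (ev["ts"] - prev["ts"]).total_seconds() / 3600
        # Identical timestamps at distant locations count as infinite speed.
        kmh = km / hours if hours > 0 else math.inf
        if kmh > max_kmh:
            alerts.append({"account": ev["account"], "km": km, "kmh": kmh,
                           "from": prev["place"], "to": ev["place"]})
    return alerts

def _utc(hour):
    return datetime(2013, 9, 1, hour, 0, tzinfo=timezone.utc)

# Constructed sample events (hypothetical accounts and coordinates).
SAMPLE_EVENTS = [
    {"account": "A", "ts": _utc(10), "lat": 37.7749, "lon": -122.4194, "place": "San Francisco"},
    {"account": "B", "ts": _utc(10), "lat": 37.7749, "lon": -122.4194, "place": "San Francisco"},
    {"account": "B", "ts": _utc(14), "lat": 34.0522, "lon": -118.2437, "place": "Los Angeles"},
    {"account": "A", "ts": _utc(14), "lat": 42.6977, "lon": 23.3219, "place": "Sofia"},
]

if __name__ == "__main__":
    for alert in impossible_travel(SAMPLE_EVENTS):
        print(alert)
```

Only account A is flagged: the four-hour San Francisco to Los Angeles hop on account B is well inside the speed ceiling, which is the kind of legitimate travel the check has to let through.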
We interact with our mobile devices largely through our fingers. Devices today understand how each of us swipes or slides our fingers across their screens, making new security features possible that were impractical for the desktops we used to bank online. HP's Solour suggests that mobile devices will be able to authenticate users' signatures on their touch screens. Users could sign their names on their touch screens to authorize a mobile payment or an account transfer. The tactile interface also opens up the possibility of fingerprint verification for financial transactions or account logins.
Mobile devices today have a range of sensors that can aid in authenticating users. GPS is a sensor that, as we've already mentioned, can be used in confirming a customer's identity or transactions. "You can layer the contextual, tactile and sensor attributes [for authentication]," Solour says. "GPS is a sensor using the contextual attribute. Each one of the attributes is perpetually interlinked." Another sensor Solour mentioned that easily could be used for security purposes is the camera. Although most people use their smartphone cameras for snapping personal pictures and uploading them to Facebook or Instagram, it would be simple to use that same capability for authenticating users through facial recognition. Considering how ubiquitous smartphone cameras are in our culture today, customers probably wouldn't feel too inconvenienced by taking a picture of themselves to authorize a bill payment or P2P transfer.
Although the cloud isn't necessarily a part of the modern mobile device, the devices are growing increasingly reliant on the cloud for data storage. "Mobility and cloud go hand-in-hand. Securing the cloud is part of securing mobility," Solour explains. The mobile device is inherently resource-constrained in that it can't hold as much data as a desktop could. One of the most important areas for banks in securing that relationship between the cloud and the mobile device is in employees' devices. Employees are likely to increasingly use their mobile devices to access information that the bank has stored in the cloud, and that has to be factored into any bank's BYOD policy. Solour expects to see more banks working closely with cloud providers to develop vertical applications for their employees to safely access data that the bank has stored in the cloud.
Social media, like the cloud, is also not a part of the modern mobile device, but rather an area that could directly affect mobile security. "The byproduct of an interconnected world is openness," Solour says. "Today it is harder than ever to open a fake Facebook account." That means that there is a lot of data about the customer already available to the bank to use in securing their mobile banking. "If you have a view [of a customer's Facebook profile] and you are calling a specific customer, you can get a whole history of that person," Solour remarks. A lot of the talk surrounding social media in banking is about how to use data from social media for more effective cross-selling and marketing. But Solour suggests that the same customer data from social media can be used to help build a security profile of the customer. For instance, if a foreign transaction shows up in a customer's account, the bank can check the customer's Facebook profile for any posts about going on a vacation overseas as they're calling to confirm the transaction with the customer.
Jonathan Camhi has been an associate editor with Bank Systems & Technology since 2012. He previously worked as a freelance journalist in New York City covering politics, health and immigration, and has a master's degree from the City University of New York's Graduate School ...