
11:15 AM
Jonathan Camhi

How Banks Can Leverage Mobile Network Operators for Security

Mobile network operators are starting to take steps to open up their security infrastructure for other enterprises to leverage.

Some banks are already using mobile network operators to help secure customers’ access to their accounts, says Joe DiFonzo, CTO of Syniverse, which helps connect different mobile networks worldwide. A simple example of this would be if a bank sends a short authentication code to a customer’s mobile device when they log into online banking from a new computer.

“The telco networks are pretty hard to hack and in these cases the network becomes an authentication factor,” DiFonzo explains.

DiFonzo says he expects that in the future banks will be able to integrate the security of those mobile networks into their mobile banking and payments apps as well.

“When organizations work to integrate mobile networks into their mobile experience then they have all of that network’s mobile security infrastructure working for them. You’re leveraging AT&T, T-Mobile or another network to protect against hackers,” he remarks.

Although the networks have previously been a rather closed community in terms of sharing their security capabilities in this fashion, DiFonzo reports that he sees network operators opening up to this possibility lately by allowing developers to integrate the networks more into apps.

“They want to open up and prove the security benefits of connecting to their network,” says DiFonzo. “They’re looking for more revenue streams, and using their network with its security and guaranteed performance, which the internet doesn’t provide, is one way to do that.”

I found a similar interest among telcos to offer the security of their networks when I was in Canada last month reporting on mobile payments initiatives there. The major Canadian mobile carriers banded together and formed a company called Enstream, which enabled Canadian credit card issuers to securely move their customers’ encrypted card credentials through the telcos’ networks to the SIM cards on customers’ mobile devices.


The telcos created a secure element in the SIM cards to store those credentials, which they charged the issuers for, Almis Ledas, Enstream’s COO, explained.

This system is not dissimilar from what the U.S. telcos have done with Isis, which also allows card issuers to get their card credentials on mobile devices. But to get their cards in the Isis wallet the issuers have to agree to allow Isis to manage those credentials. Enstream instead allows the issuer to continue to manage the credentials, and simply provides the space to store them, Ledas shared.

So the issue is trust and control. Are banks and telcos willing to trust each other and give up some control over their customers to enable new capabilities and improve security? The Canadian banks and telcos found a compromise. It remains to be seen if the same can happen in the U.S.

Jonathan Camhi has been an associate editor with Bank Systems & Technology since 2012. He previously worked as a freelance journalist in New York City covering politics, health and immigration, and has a master's degree from the City University of New York's Graduate School ...

User Rank: Author
11/1/2013 | 3:24:32 PM
re: How Banks Can Leverage Mobile Network Operators for Security
I think part of the issue here centers around Isis and how the telecoms view the banks. Obviously they need to partner with issuers for Isis to work, but to an extent they may view the banks as competitors as well. And if they view the banks as competitors, how much will they be willing to help banks with their own mobile payments apps?
User Rank: Author
11/1/2013 | 12:38:06 PM
re: How Banks Can Leverage Mobile Network Operators for Security
This kind of partnership could continue into the future. In many places, telecom companies are operating mobile payment networks, but I could see more information and control sharing between telecoms and banks to share the spoils, so to speak, rather than fighting over it.