Some banks are already using mobile network operators to help secure customers’ access to their accounts, says Joe DiFonzo, CTO of Syniverse, which helps connect different mobile networks worldwide. A simple example of this would be if a bank sends a short authentication code to a customer’s mobile device when they log into online banking from a new computer.
“The telco networks are pretty hard to hack and in these cases the network becomes an authentication factor,” DiFonzo explains.
In the future DiFonzo says he expects banks will be able to integrate the security of those mobile networks into their mobile banking and payments apps as well.
“When organizations work to integrate mobile networks into their mobile experience then they have all of that network’s mobile security infrastructure working for them. You’re leveraging AT&T, T-Mobile or another network to protect against hackers,” he remarks.
Although the networks have previously been a rather closed community in terms of sharing their security capabilities in this fashion, DiFonzo reports that he sees network operators opening up to this possibility lately by allowing developers to integrate the networks more into apps.
“They want to open up and prove the security benefits of connecting to their network,” says DiFonzo. “They’re looking for more revenue streams, and using their network with its security and guaranteed performance, which the internet doesn’t provide, is one way to do that.”
I found a similar interest among telcos to offer the security of their networks when I was in Canada last month reporting on mobile payments initiatives there. The major Canadian mobile carriers banded together and formed a company called Enstream, which enabled Canadian credit card issuers to securely move their customers’ encrypted card credentials through the telcos’ networks to the SIM cards on customers’ mobile devices.
The telcos created a secure element in the SIM cards to store those credentials, which they charged the issuers for, Almis Ledas, Enstream’s COO, explained.
This system is not dissimilar from what the U.S. telcos have done with Isis, which also allows card issuers to get their card credentials on mobile devices. But to get their cards in the Isis wallet the issuers have to agree to allow Isis to manage those credentials. Enstream instead allows the issuer to continue to manage the credentials, and simply provides the space to store them, Ledas shared.
So the issue is trust and control. Are banks and telcos willing to trust each other and give up some control over their customers to enable new capabilities and improve security? The Canadian banks and telcos found a compromise. It remains to be seen if the same can happen in the U.S.