The myths and realities of mobile device security

Print
Email
|

by RENAY SAN MIGUEL/KING 5 News

NWCN.com

Posted on January 16, 2014 at 1:04 PM

Updated Thursday, Jan 16 at 3:57 PM

Digital hackers look for target-rich environments, so they know that the trend in computing has moved to mobile devices like smartphones and tablets. The bad guys may indeed be salivating at research showing increases in mobile commerce and banking, because that could unlock the vaults for more mischief and fraud.

But is that actually happening?

"The banks are telling us they're experiencing very low levels of (device) fraud, and that the mobile channel is actually more secure," says Scott Carter, chief marketing officer for Mitek Systems, a leading provider of imaging software for mobile financial transactions. Mitek's products are used by more than 1,000 financial institutions, including the top 10 U.S. retail banks, according to the company.

You may be thinking that Carter would obviously be optimistic about mobile security, since his company's fortunes depend on banks trusting the technology. You should also keep in mind, however, that some digital security firms have their own reasons for stoking fears of mobile hacks; they also want to sell products.

Carter says mobile devices have additional levels of security not found in other digital channels:

* The danger of face-to-face transactions between banking representatives and convincing, savvy fraudsters obviously is reduced.

* Mobile devices offer location-based data, so if transactions start in Seattle but continue from, say, Eastern Europe, that would be a red flag for investigators.

* Smartphones and tablets have unique mobile IDs. "This allows banks to intelligently understand if that device has been associated with that consumer behavior before," Carter said. Banks can tell "what's normal in customer behavior that's come from that device, and in contrast if it has been associated with suspicious or fraudulent activity before. We can do that either at the device level or authenticating it back to the mobile provider, which is very useful in the case of a stolen phone."

* At a more basic level of security, the customer is logged into a banking application that requires a username and password.

"Banks actually tend to prefer that the customer be logged into the banking application as opposed to transacting directly from a web browser, because they can certainly can provide a more consistent user experience in the app, but also more consistent applications of security protocols with the banking application that they control," Carter said.

Security companies have seen a rise in mobile malware, but much of that is tied to social engineering tactics like phishing that are favorites of hackers. That malware requires clicking on infected links, and has nothing to do with any inherent risks in a smartphone or tablet. (If you shouldn't open a suspicious link in an email from your desktop computer, you shouldn't do the same thing on a smart phone.)

Banks aren't yet breaking out any data regarding incidents of mobile fraud vs. other online channels. But Carter says the last three surveys from Celant, a global research firm for the financial industry, have shown that 90 percent of the banks polled had no losses stemming from remote check deposits.

Emerging technologies like biometrics can also help - witness the fingerprint identity scan on the new iPhone 5s.

"I think you'll see over time that biometrics will become more prevalent," he said, "but given privacy concerns you'll certainly see a situation where consumers will have the ability to opt in and determine for themselves if they want that extra layer of security and convenience."

 

 

 

 

Print
Email
|