Mobile Banking: Authentication is 'Your Best Friend'

Expert Says Mobile Security Does Not Have to be Daunting

November 5, 2010.

Mobile security is a problem. But Jason Rouse, principal security consultant and director of the mobile and wireless practice for Cigital, says financial institutions can overcome the challenges, with a little foresight and structured technology, such as data analytics.

Authenticating mobile transactions is challenging because of the fluid nature of mobile-browsing habits. "It's an unfortunate side-effect of the way that a lot of wireless networks are structured," Rouse says. "So, as I connect and disconnect from the network, as I turn my phone on and off or as I just roam to other carriers, it is actually very difficult to maintain a single IP address. As a consequence of the way that the networks are structured, technically, we normally have IP changes in the range of hours to days for every mobile client."

Better transaction authentication, using technologies such as biometrics, could help. As the financial industry gets a better handle on the steps needed to secure mobile-banking transactions, Rouse says security and authentication will improve. During the Mobile Financial Services Forum (@Twitter #MobileForum) in Arlington, Va., Rouse discussed some of the security challenges facing the industry.

In this interview, Rouse gives his top three tips for mobile security, explaining:

  • The role biometrics plays in transaction authentication;
  • The importance of managing the user experience; and
  • Solid analytics: A banker's "best friend."

Rouse is the principal security consultant for Cigital, where he leads the mobile and wireless security practice, performs security architecture assessments and serves as an advisor to some of the world's largest development organizations. He also is responsible for the creation of durable, actionable artifacts, spanning the continuum of software security from development standards to enterprise risk-management frameworks.

Mobile NFC and Global Platform

TRACY KITTEN: Mobile security concerns -- it's a big concern, and for many reasons we don't yet truly understand. Jason Rouse, a mobile security expert, talks about mobile's vulnerabilities during the Mobile Financial Services Forum in Arlington, Va. Jason, you sat on a panel and during that panel discussion we talked quite a bit about the security of the mobile channel overall, and you noted that near-field communications or radio-frequency communication is perhaps the least secure type of communication. I also spoke with someone who was talking about Global Platform, this set of standards set up to protect some of this wireless connectivity or wireless communication. Could you talk a little bit about the security and where the global platform from your mind fits into the picture?

JASON ROUSE: Global Platform is a set of protocols and standards that allow for secure communication over potentially insecure channels. When we were talking on the panel yesterday, I wanted to note that radio-frequency communication, in general -- 802.11, ZigBee, Bluetooth -- are very insecure by nature, and therefore must be paired up with things like Global Platform in order to be even remotely secured. Most of the time, security standards are very well implemented and they are very well designed. But, throughout history, in almost every platform available, there have always been implementation problems; there have always been hiccups, and there have always been issues that come up, usually when a technology or a standard has been used beyond its normal end-of-life.

Follow Tracy Kitten on Twitter: @FraudBlogger
