Video Screencast Help
Symantec Appoints Michael A. Brown CEO. Learn more.
Identity and Authentication Services

Cybercrime and Mobile Finance: Like Flies to Honey

Created: 13 Dec 2011 • Updated: 08 Aug 2012 • 7 comments
Brendon Wilson's picture
+3 3 Votes
Login to vote

 

Mobile wallet technology has once again become a hot topic in recent days, particularly around the potential security considerations related to these apps. The unavoidable truth is that whenever money is involved, mischief is sure to follow. I would guess this has been true since the dawn of currency.

Symantec recently published a paper detailing our stance that the widespread adoption of mobile payment-type technology will likely trigger a surge of mobile malware and in turn mobile cybercrime. The reason is that these applications rely on devices to transmit financial information – such as mobile banking credentials – backed by real monetary funds. If we’ve learned anything from the PC cybercrime realm, it’s just how lucrative the exploitation and sale of this kind of information can be for enterprising cyber criminals.

Despite all this, the business case and user benefits of technology that transforms mobile devices into financial tools, perhaps what we can call mFinance, cannot and should not be ignored, either. This goes beyond mobile wallet apps and includes mobile banking, online purchases performed via mobile devices and a handful of other mobile activities that involve digital or hard currency.

The fact of the matter is that the trend of using mobile devices as financial tools isn’t going anywhere but upwards. According to a research report by Berg Insight, the worldwide number of mobile banking users is expected to reach 894 million by 2015. And the Yankee Group is expecting to see one trillion mobile payments by 2015.

Thus, what the industry must do is figure out a better way to make sure that mFinance activities remain secure. There are many complexities involved in properly safeguarding devices against threats targeting mobile financial transactions. Once the transactions themselves are secured with proper encryption technology, mobile antimalware is a good next step. After all, malware is usually the backbone of the cybercrime arsenal. However, there is more that can be done.

One approach that can be taken to improve both the security and usability of mobile apps that access sensitive financial information is embedding strong authentication directly into the apps. An example of this is what one of our customers – a large financial institution – did with their mobile banking app.

By embedding Symantec authentication technology – Symantec Validation and ID Protection Service (VIP) – directly into their app, the financial institution’s mobile banking customers’ devices become a second form of authentication. Each time a user attempts to login to their account via the mobile app, a one-time passcode is automatically generated and validated on the authentication service’s backend. All this is accomplished without the user having to do anything but enter a four digit PIN. Thus, this technology’s ability to eliminate the need for users to enter in cumbersome user names and complex passwords every time they want to access their accounts thereby improves the user experience in addition to the bolstering the security of users’ account.

The widespread adoption of mFinance creates tremendous benefits and opportunities for end users, financial institutions, retail operators, carriers and third-party app developers. However, the industry needs to think outside the box in terms of security to make it a success. The same concept employed by the Symantec customer highlighted above can be implemented in a variety of different uses cases and serves as just one example of the unique strategies available to make mFinance secure and user friendly.

Comments 7 CommentsJump to latest comment

dpr's picture

Mobile wallet technology?! Have big doubts that this technology will stay for long. Time will say if i'm wright or wrong.

-4
Login to vote
Mick2009's picture

A good blog post - there are several technologies that can work together to keep these devices and their communiations secure.  I agree with the following, 100%:

> mobile antimalware is a good next step. After all, malware is usually the backbone of the cybercrime arsenal

New threats against mobiles are being discovered by Symantec Security Response more and more frequently.  Our Norton Android product and the Enterprise product, Symantec Endpoint Protection Mobile Edition 6, can help keep Windows Mobile and Symbian Smartphones free of threats like the following:

https://www-secure.symantec.com/connect/blogs/sms-fraud-android-market

https://www-secure.symantec.com/connect/blogs/mobile-malware-do-your-employees-know-what-look

https://www-secure.symantec.com/connect/blogs/one-click-fraud-targeting-smartphones-japan

https://www-secure.symantec.com/connect/blogs/android-trojan-spreads-message-revolution

Hope this helps! 

Thanks and best regards,

Mick

With thanks and best regards,

Mick

0
Login to vote
Srikanth_Subra's picture

Great compilation!!!

Thanks & Regards,

 Srikanth.S

"Defeat the Defeat before the Defeat Defeats you"
(Swami Vivekananda)

0
Login to vote
Avkash K's picture

Gr8 Info!!

Regards,

Avkash K

-2
Login to vote
fredricothomas@hotmail.com's picture

I appreciate Symantec for discussing about such topic. Mobile wallet technology indeed is a very hot topic of these days. Lots of peoples love to utilizing this system, even I love to use this process. But technology authority need to maintain strong security protocol to keep safe this developed process is secure hand. Thanks.

 

+1
Login to vote
perkins.michael2012@hotmail.com's picture

Mobile wallet technology is great technology. This blog provides lots of knowledge to me regarding mobile security.

0
Login to vote