Mobile wallet technology has once again become a hot topic in recent days, particularly around the potential security considerations related to these apps. The unavoidable truth is that whenever money is involved, mischief is sure to follow. I would guess this has been true since the dawn of currency.
Symantec recently published a paper detailing our stance that the widespread adoption of mobile payment-type technology will likely trigger a surge of mobile malware and in turn mobile cybercrime. The reason is that these applications rely on devices to transmit financial information – such as mobile banking credentials – backed by real monetary funds. If we’ve learned anything from the PC cybercrime realm, it’s just how lucrative the exploitation and sale of this kind of information can be for enterprising cyber criminals.
Despite all this, the business case and user benefits of technology that transforms mobile devices into financial tools, perhaps what we can call mFinance, cannot and should not be ignored, either. This goes beyond mobile wallet apps and includes mobile banking, online purchases performed via mobile devices and a handful of other mobile activities that involve digital or hard currency.
The fact of the matter is that the trend of using mobile devices as financial tools isn’t going anywhere but upwards. According to a research report by Berg Insight, the worldwide number of mobile banking users is expected to reach 894 million by 2015. And the Yankee Group is expecting to see one trillion mobile payments by 2015.
Thus, what the industry must do is figure out a better way to make sure that mFinance activities remain secure. There are many complexities involved in properly safeguarding devices against threats targeting mobile financial transactions. Once the transactions themselves are secured with proper encryption technology, mobile antimalware is a good next step. After all, malware is usually the backbone of the cybercrime arsenal. However, there is more that can be done.
One approach that can be taken to improve both the security and usability of mobile apps that access sensitive financial information is embedding strong authentication directly into the apps. An example of this is what one of our customers – a large financial institution – did with their mobile banking app.
By embedding Symantec authentication technology – Symantec Validation and ID Protection Service (VIP) – directly into their app, the financial institution turns its mobile banking customers’ devices into a second form of authentication. Each time a user attempts to log in to their account via the mobile app, a one-time passcode is automatically generated and validated on the authentication service’s backend. All this is accomplished without the user having to do anything but enter a four-digit PIN. Because users no longer have to enter cumbersome user names and complex passwords every time they want to access their accounts, the technology improves the user experience in addition to bolstering the security of users’ accounts.
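One way the login flow described above could work, shown as an added example that is not Symantec VIP code and does not come from the original post. It assumes an RFC 6238 time-based passcode computed in the app from a seed provisioned at enrollment, and a backend that checks the PIN and passcode together; the `Backend` class, the policy constants and all sample values are hypothetical.

```python
import hashlib, hmac, struct

STEP, WINDOW, MAX_FAILS = 30, 1, 5  # assumed policy: 30 s steps, +/-1 step drift, 5 tries

def totp(seed: bytes, now: float, digits: int = 6) -> str:
    """What the app computes on the device: RFC 6238 TOTP (HMAC-SHA1)."""
    mac = hmac.new(seed, struct.pack(">Q", int(now) // STEP), hashlib.sha1).digest()
    off = mac[-1] & 0x0F                      # RFC 4226 dynamic truncation
    code = struct.unpack(">I", mac[off:off + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** digits).zfill(digits)

def pin_hash(pin: str, salt: bytes) -> bytes:
    # A four-digit PIN has only 10,000 values; the attempt limit does the real work.
    return hashlib.pbkdf2_hmac("sha256", pin.encode(), salt, 100_000)

class Backend:
    """Hypothetical validation service with one enrolled device per account."""
    def __init__(self):
        self.accounts = {}

    def enroll(self, user: str, seed: bytes, pin: str, salt: bytes) -> None:
        self.accounts[user] = {"seed": seed, "salt": salt, "pin": pin_hash(pin, salt),
                               "fails": 0, "last_step": -1}

    def login(self, user: str, pin: str, otp: str, now: float) -> bool:
        acct = self.accounts.get(user)
        if acct is None or acct["fails"] >= MAX_FAILS:
            return False                      # unknown account or locked out
        pin_ok = hmac.compare_digest(pin_hash(pin, acct["salt"]), acct["pin"])
        now_step = int(now) // STEP
        matched = None
        for step in range(now_step - WINDOW, now_step + WINDOW + 1):
            candidate = totp(acct["seed"], step * STEP).encode()
            # Only steps newer than the last accepted one count, so a code cannot be replayed.
            if step > acct["last_step"] and hmac.compare_digest(candidate, otp.encode()):
                matched = step
        if pin_ok and matched is not None:
            acct["fails"], acct["last_step"] = 0, matched
            return True
        acct["fails"] += 1                    # wrong PIN, wrong code or replayed code
        return False
```

The passcode alone never authenticates: a captured code is rejected on replay, and repeated PIN guesses lock the account even when a valid passcode accompanies them.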
The widespread adoption of mFinance creates tremendous benefits and opportunities for end users, financial institutions, retail operators, carriers and third-party app developers. However, the industry needs to think outside the box in terms of security to make it a success. The same concept employed by the Symantec customer highlighted above can be implemented in a variety of different use cases and serves as just one example of the unique strategies available to make mFinance secure and user-friendly.