by clicking the arrows at the side of the page, or by using the toolbar.
by clicking anywhere on the page.
by dragging the page around when zoomed in.
by clicking anywhere on the page when zoomed in.
web sites or send emails by clicking on hyperlinks.
Email this page to a friend
Search this issue
Index - jump to page or section
Archive - view past issues
Connexus : Issue 36
must make based on its own risk appetite and understanding of its members' needs. The functionality offered should also depend on what two-factor (customer number, password, etc) and additional authentication (SMS, for example) the organisation has deployed and to what extent. Despite two-factor authentication, internet banking systems are as vulnerable to software security breaches as the devices that use them. The banking sector can't enforce the use of virus or anti-spyware on home computers or mobile devices. However, if fraud occurs, it can limit services and remove the problem, as many mutuals have already done with customers who have repeatedly been targeted. Fraudsters have now recognised the compromise potential of smartphones and started to develop specialised malware. Security experts have identified a smartphone-specific variant of the Zeus trojan, for example. Any compromise of smartphones in this way can increase the risk of SMS interception and internet banking fraud. Moving money out of your organisation is the key issue, and allowing smartphone or mobile applications that can set up first new transfers on the devices is a risk many organisations are not prepared to take. GETTING IT RIGHT FIRST TIME So are we saying smartphone or mobile banking isn't safe? Absolutely not. The fact that implementation of mobile banking is in its early stages provides our industry with an opportunity to capitalise on the lessons learned over previous years and to be proactive. We know what the risks are and how to address them. We know how crucial customer education is and how to get the messages across, and that the regulators will expect policies and risk treatment plans to cover mobile banking fraud. Public awareness has increased dramatically since 2004 and numerous products are available. Vendors are now providing security software designed specifically for smartphones. But awareness is still low overall -- similar to where home computer security was five to seven years ago. Building on current awareness with home computers, we have the opportunity at mobile banking's inception to ensure our message about security is clear . With the benefit of experience gained through implementing the first generation of online services, industry has an opportunity to roll out a major new product in a seamless and professional manner. We must ensure we understand and control the highly dynamic risks via awareness of the risk itself, supported by targeted delivery with good education. -- Leanne Vale is senior manager and Rob Crawford is senior analyst at Abacus Fraud and Financial Crimes. This is an edited extract from an article first printed in Abacus Market Scan 2011. ADELAIDE i MELBOURNE i SYDNEY i OXFORD INFORMATIONSECURITY IBUSINESSCONTINUITY&RECOVERY It’s not just about fInance. Only the foolhardy think risk management is all about financial risk. Savvy mutuals know it includes their Information Security as well. That's why they place their tr ust in CQR Consulting - Australia's largest independent infor mation security specialist. Call us now on 02 8249 4425 to see how we can help you, or visit www.cqrconsulting.com