by clicking the arrows at the side of the page, or by using the toolbar.
by clicking anywhere on the page.
by dragging the page around when zoomed in.
by clicking anywhere on the page when zoomed in.
web sites or send emails by clicking on hyperlinks.
Email this page to a friend
Search this issue
Index - jump to page or section
Archive - view past issues
Connexus : Issue 42
Security hang-ups Cybercriminals are aiming to cash in on the popularity of mobile banking. BY CYNTHIA KARENA T he growth of mobile banking has attracted the attention of fraudsters who are taking advantage of improved technology and holes in security to target mobile platforms. The size of the ﬁnancial institution isn't important, says Rob Crawford, Abacus’ ﬁnancial crimes senior analyst. "You can't say that as a small credit union you won't fall victim. Cyber criminals will go straight for the easiest target," he says. “Who wants to be the ﬁrst ﬁnancial institution in Australia to be the ﬁrst victim of mobile banking fraud?" Apart from implementing their own security measures, mutuals should be encouraging members to think about the security of their mobile device in the same way they have come to think about PC security, says Crawford. Building an application rather than a mobile web browser is a good start in beeﬁng up security, according to Nick Savvides, senior principal systems engineer at data security ﬁrm, Symantec. Security is limited with mobile web browsers, he says, while apps offer more possibilities and users are already conditioned to search for and install them on their devices, he says. "Mutuals should take advantage of this and build the security into feature rich mobile apps, including things like device security detection, and embedded two-factor-authentication." Simple and smart The security threats to mobile banking are complex but the solutions for members should be simple, says Leanne Vale, Abacus’ ﬁnancial crimes senior manager. "People have internet security on their PC or laptop but typically they don't think of putting any kind of security on their smartphone. Anyone could write a fake banking app, or even an app with malware. Security is not about putting users through more hoops, she says. It can be seamless and work in the background. "Use some basic security features, such as digital certiﬁcates, locking banking sessions, digital authentication, device registration, and geo matching. '"Why deploy a shiny new banking app without security behind it?" Vale says many of the losses suffered during the past 10 years of internet banking could have been avoided if ﬁnancial institutions had acted earlier to implement more robust security. Quick response Financial institutions also need to monitor transactions closely and respond to attacks quickly -- even if they use a third party -- so they understand what went wrong, says Stephen McCombie, the former founder and manager of NAB's Computer Emergency Response Team who now manages the global Security Incident Response Control Centre at IT ﬁrm CSC. "Quickly respond by putting in measures to ﬂag and stop the proﬁle of the fraudulent transaction. When a customer tells you, you're already on the back foot. Only one has told you, how many others are there?" Take note of your competitors' security measures and go one step better, suggests Rob Forsyth, A PAC If you're chased by a bear, you need to be faster than the guy next to you -- so every extra layer of security counts. Rob Forsyth, APAC director, Sophos 36 Connexus Technology