
Sanjay Katkar
The savoir faire of safe mobile banking
July 17, 2012

The convenience and fluidity of access that mobile devices promise make them one of the most sought-after platforms for banking and mobile commerce. A recent study by IDC shows an estimated growth of 49.2% in the worldwide smartphone market. This implies that these devices are being used for just about everything. It also suggests that there will be challenges where the security and privacy of users and service providers are concerned.

Mobile banking is carried out mostly in three ways: using dedicated mobile banking apps, through the mobile browser, and by simply sending an SMS. There are risks involved in all of these.

Banks have to meet the staggering pressure of giving the right functionality to their customers without giving the farm away to criminals. The customers have to decide whether that app is safe enough to use. These situations would make any cyber criminal jump for joy!

Here’s a brief explanation of the issues that challenge mobile banking:

  1. Mobile device malware: It can come with keyloggers, the ability to record SMS messages and conversations, and remote tracking. It can also be used as a channel to exploit corporate networks.
  2. Lack of multi-layer security: There is no simultaneous effort to keep up with the emerging threats.
  3. Mobile platform vulnerabilities: An unpatched OS and malicious apps installed on the mobile device further amplify the risk.
  4. More players, more risks: The mobile system depends on a number of players, such as device manufacturers, operating systems, network operators and application developers, many of which fall outside the scope of core financial services. Man-in-the-middle attacks can take place when the end user is downloading the mobile banking app from the bank’s server or accessing the server.
  5. Even legitimate mobile applications have a long way to go. Reportedly, some of these apps still store client user names and passwords in rich text formats.
  6. Privacy issues, especially those revolving around geo-location, need to be addressed. Financial institutions have to balance convenience with security and fraud prevention.
  7. If your precious device stays behind in the backseat of a cab or you leave it in a café, and your online banking apps or sites are set to log in automatically, then a cyber criminal could potentially access your account.

The idea is to be aware so that you can enjoy the convenience of mobile banking without compromising on your security.

  1. Set an auto-lock on your device and use a password.
  2. If your device is not secure, don’t save personally identifiable information or other valuable data on it.
  3. Don’t SMS your bank account number. Delete SMSs sent from your bank.
  4. Don’t distribute your bank information to others.
  5. Use a legitimate app from your bank. This will ensure that you visit the appropriate site and do not get caught in a phishing attack.
  6. If you have to use Wi-Fi connections in public places to access your bank account, ensure that you change the passwords immediately.
  7. Regularly check your financial statements for irregularities.
  8. Read user reviews of banking apps before you download them. Report any apps that may be spoofed.
  9. Jail-breaking or hacking your mobile device exposes it to malware attacks.
  10. Use an effective mobile security product like Quick Heal Mobile Security that brings you real-time protection against malicious apps and threats, along with anti-theft and call and SMS blocking features.

Mobile devices are no longer just phones – they are computers in their own right. Financial institutions and customers need to be aware of the potential security risks associated with them. Understanding the issues that plague mobile banking helps the customer to make safer and wiser choices.

About Sanjay Katkar
Sanjay Katkar is the Managing Director and Chief Technology Officer of Quick Heal Technologies Limited. He holds a Masters in Computer Science from University of...

6 Comments

  1. Suman Gangopadhyay, July 17, 2012 at 12:29 PM

    Please make an Anti-Virus solution for the Symbian S-60 & S-40 platforms i.e. Nokia platforms.

  2. Priyank Gupta, July 17, 2012 at 2:18 PM

    Are you planning to release a Symbian (S60v5) edition of Quick Heal Mobile Security too?
    If yes, when can we expect it?
    If not, why so?

  3. Hi Suman and Priyank,
    You can scan your Symbian phone using the PC2Mobile scan feature available in Quick Heal Total Security. This scan is either carried out through a USB cable or Bluetooth pairing. The list of devices supported by this feature can be viewed here – http://www.quickheal.co.in/pc2mobile.asp.
    Thanks.

    • Priyank Gupta, July 17, 2012 at 7:44 PM

      What if we want real-time protection?
      Is it really difficult to develop apps for Symbian?

      • Hi Priyank,
        It is not difficult to develop AntiVirus for Symbian or, in other words, it is not about how difficult it is to develop AV for Symbian. Developing full-featured AV software for a particular mobile platform takes a long time (about 10 to 12 months). Last year we developed AV on mobile platforms like Android and BlackBerry based on their growing popularity. We skipped AntiVirus development for Symbian because of its dropping market share and Nokia’s decision to drop this OS from many of its handsets. Looking at the current market trend, if we start developing AntiVirus for this platform it will take a long time and by then there will be very few new handsets released with Symbian OS. The mobile OS market is very dynamic and this makes it quite difficult to select the right platform to develop AV solutions.
        Thanks for your patience.

  4. Thank you very much Sir,

    Fantastic information of do's and don'ts also with logical explanation will be very helpful.
