Security in Mobile Banking[1]


Security in Mobile Banking
(Project Group 4)
Nishan Singh, Ramya Merugu, Richard Scitzs

Outline
- Introduction
- Evolution of Mobile Banking
- Mobile Applications
- Mobile Web Application Protocol (WAP)
- Mobile Banking via SMS
- Compare and Contrast Mobile Banking vs. On-Line Banking
- Securing the link from Banks to Customers
- Secure Consumer Practices

Introduction
What is Mobile Banking?
Use of Mobile Phone to:
- Facilitate Financial Transactions
- Loan Disbursements
- Money Transfers
- Deposits
- Withdrawals
- Even Payroll Services
Demographics driving adoption of Mobile Banking

Evolution of Mobile Banking

Evolution of M-Banking
- In the Beginning
- Next Generation
- Account Information
- Customer Service
- Payments & Transfers
- Portfolio Management
- Technology Advancements Driving Mobile Banking
- Account Inquiry
- Activity alerts
- Find an ATM
- Smartphone
- 3G/4G Networks

Who's Who in Mobile Banking
http://www.banktech.com/resource-center/mobile-banking/grid.jhtml;jsessionid=K

On-Line Banking Growth
http://www.ziffdavisenterpriseevents.com/event_files/US_Mobile_Banking_Forecast__2007_-_2012.pdf

Growth Projection of M-Banking
http://www.ziffdavisenterpriseevents.com/event_files/US_Mobile_Banking_Forecast__2007_-_2012.pdf

Mobile Applications

Mobile Applications
There are currently about 20+ mobile apps available in the market
- AT&T - Firethorn
- Verizon - Firethorn
3 Types of Downloadable M-Banking Apps:
- Customized app designed to work between bank and cell phone carrier.
- Apps designed to work with core banking solution provider that are adaptable to individual banks. Example – MFoundry
- Applications that use data from an ATM network. Example – Firethorn. Example – Monitise

M-Banking Application Screenshots

Security Pitfalls with WAP
Potential Security Issues with WAP:
- WAP – Can pose a security risk to customers by storing customers' banking information on their phone.
Online Resources Mobile Banking Solution
Downloaded Application Security
- Fully encrypted, end-to-end using SSL
- Device can act as hardware token
- No new payees
- Phishing proof
- No sensitive data stored on mobile device

Mobile Browser

Mobile Browser
Mobile Browser Types:
- Opera Mobile
- Opera Mini
- Skyfire
- Safari
- Mozilla-Minimo
- Google Android
- Thunderhawk
- Microsoft IE mobile
- Blazer
- S60 web

Mobile Browser
Strengths
- Familiar User experience
- Session-Based data encryption
- Same Software and capabilities for users
- Supports multi-factor authentication
Weaknesses
- Not all WAP-Compatible devices are upgradable
- Small browser screen size limits content
- Small keyboard creates typos
- Slow data speed
- Bank cannot initiate communications with customer
- Susceptible to Phishing
- Difficult to login ?

Browser Screenshots

Micro Browser

Mobile Banking via SMS

M-Banking via SMS
- Majority of Mobile Phones support SMS
- Tier 1 Banks have deployed some form of SMS in the US and abroad due to it being inexpensive compared to other data services.
- Simple Message Service (SMS) provides the following services:
  - Get account balance details
  - Request a Cheque book
  - Request Transaction Details
  - Pay bills just like online WebBill Pay

SMS Banking Overview
http://palisade.plynt.com/issues/2005Sep/sms-banking/

SMS Advantages/Disadvantages
Advantages:
- Common messaging tool among consumers
- Works across all wireless operators
- Requires no software installation
- Real time banking information
Disadvantages:
- Text-only and limited to 140-160 characters per message
- Does not offer a secure environment

Comparison and Contrast

Services
- Check Bank Balances: Quickly check your checking, savings and credit card account balances.
- Check Prepaid Debit Card Balances: Quickly check your prepaid debit card account balances.
- Transfer Funds: Simply and securely transfer funds to and from your Checking, Savings and Investment accounts.
- Add Money to Prepaid Cards: Quickly add money to your USAA Prepaid Debit Cards for immediate access.
- Pay Bills: Pay your bills on the go. To pay non-USAA bills, set them up on USAA Web BillPay® first.
- View Transaction History: Review previous transactions on your checking, savings, and credit card accounts.
- View Insurance and Investments: Review your investment accounts, auto, property, and life insurance.
- Get Stock Quotes and Place Trades: Keep your investments at your fingertips — place trades and check order status instantly.
- Get Proof of Insurance: Need your auto ID card? Have it sent to you by e-mail or fax.
Channels: Mobile.usaa.com, Text Messaging (SMS), Mobile Banking Application
Privacy and Security: Encrypted data and PIN access ensures your security.

Mobile—Comparing the Technologies
Short Message Service (SMS), aka text messaging
- Pros: Ubiquitous, Natural for Alerts, Simple, Cost
- Cons: Feature Poor, Security, Cost
Wireless Application Protocol (WAP), aka micro-browser
- Pros: Carrier/Device Independent, Feature Rich
- Cons: Speed, Cumbersome experience, Browser Compatibility
Downloaded Software Application
- Pros: Fast, Best User Experience, Strong Security
- Cons: Installation Hurdle, Customer Support, Device Dependent

Downloaded Application vs. Mini Browser (WAP)
Time and number of keystrokes on a multi-tap keypad to view current balances.
- ORCC Application (already loaded in memory): 5 keystrokes, 19 seconds
- ORCC Application (cold start): 5 keystrokes, 30 seconds
- Wells Fargo WAP: 62 keystrokes, 1 minute 19 seconds
- BofA WAP (device already registered): 56 keystrokes, 1 minute 19 seconds
- BofA WAP (w/o registered device): 84 keystrokes, 2 minutes 30 seconds
M-Banking Security and Potential Threats

Mobile Security
Security Measures by Mobile Channel/Application:
SMS Security
- SMS is not Secure – Requires addition of Encryption at both the Cell Phone and over the Air to guarantee same level of security as a Mobile Client Application
- Solution: SMS with Mobile Web or Secure SMS
Mobile Web Security
- Mobile Web similar to PC-Centric services that use HTTPS
- Limits Storage Risks
Mobile Application
- More secure channel due to implementation of strong authentication and encryption of sensitive data.
- Applications are a target and risk of Mobile Malware

Potential Threats
Potential Threats – Overview:
- Cloning
- Hijacking
- Malicious Code
- Malware
- Man-in-the-Middle Attack
- Phishing
- Redirecting
- SMiShing
- Spoofing
- Vishing

Securing the link from Banks to Customers

Secure SMS
Secure SMS Protocol
- Integrity verification
- Encryption – Symmetric Key using One-Time Pad/Password
- User ID
- Message Digest – Hash value of the message content calculated by the server application and mobile phone application.

Proposed Secure Design for SMS Mobile Banking
http://palisade.plynt.com/issues/2005Sep/sms-banking/

Secure Consumer Practices

Consumer Protection
- Download only M-Banking Applications from Trusted Sources
- 50+ Fraudulent banking Apps – Android Marketplace

Conclusion
- Evolution of Mobile Banking
- Mobile Applications
- Mobile Web Application Protocol (WAP)
- Mobile Banking via SMS
- Compare and Contrast Mobile Banking vs. On-Line Banking
- Securing the link from Banks to Customers
- Secure Consumer Practices

Mobile Banking in the News
- Link – USAA Mobile Banking
- YouTube - USAA Mobile Banking Consumer Protection

References
http://www.bankinfosecurity.com/articles.php?art_id=2085

Questions???