Security in Mobile Banking
(Project Group 4)
Nishan Singh
Richard Scitzs

Outline
- Introduction
- Evolution of Mobile Banking
- Mobile Applications
- Mobile Web Application Protocol (WAP)
- Mobile Banking via SMS
- Compare and Contrast Mobile Banking vs. On-Line Banking
- Securing the link from Banks to Customers
- Secure Consumer Practices

Introduction
What is Mobile Banking?
Use of Mobile Phone to:
- Facilitate Financial Transactions
- Loan Disbursements
- Money Transfers
- Even Payroll Services
Demographics driving adoption of Mobile Banking

Evolution of Mobile

Evolution of M-Banking
- In the Beginning
- Next Generation
- Account Information
- Payments & Transfers
- Portfolio Management
- Technology Advancements Driving Mobile Banking
- Account Inquiry
- Find an ATM
- Smartphone
- 3G/4G Networks

Who’s Who in Mobile Banking
http://www.banktech.com/resourcecenter/mobilebanking/grid.jhtml;jsessionid=K

On-Line Banking Growth
http://www.ziffdavisenterpriseevents.com/event_files/US_Mobile_Banking_Forecast__2007_-_2012.pdf

Growth Projection of M-Banking
http://www.ziffdavisenterpriseevents.com/event_files/US_Mobile_Banking_Forecast__2007_-_2012.pdf

Mobile Applications
There are about 20+ mobile apps currently available in the market.
AT&T Firethorn
Verizon Firethorn

3 Types of Downloadable M-Banking Apps:
- Customized app designed to work between bank and cell phone carrier.
- Apps designed to work with core banking solution provider that are adaptable to individual banks. Example – MFoundry
- Applications that use data from an ATM network.
Example – Firethorn
Example – Monitise

M-Banking Application Screenshots

Security Pitfalls with WAP
Potential Security Issues with WAP:
- WAP can pose a security risk to customers by storing customers' banking information on their phone.

Online Resources Mobile Banking Solution
Security
- Fully encrypted, end-to-end using SSL
- Device can act as hardware token
- No new payees
- No sensitive data stored on mobile device

Mobile Browser
Mobile Browser Types:
- Opera Mobile
- Opera Mini
- Skyfire
- Safari
- Mozilla Minimo
- Google Android
- Thunderhawk
- Microsoft IE Mobile
- Blazer
- S60 web

Mobile Browser
Strengths
- Familiar user experience
- Session-based data encryption
- Same software and capabilities for users
- Supports multifactor authentication
Weaknesses
- Not all WAP-compatible devices are upgradable
- Small browser screen size limits content
- Small keyboard creates typos
- Slow data speed
- Bank cannot initiate communications with customer
- Susceptible to phishing
- Difficult to login ?

Browser Screenshots
Micro Browser

Mobile Banking SMS

M-Banking via SMS
- Majority of mobile phones support SMS
- Tier 1 banks have deployed some form of SMS in the US and abroad because it is inexpensive compared to other data services.
- Short Message Service (SMS) provides the following services:
  - Get account balance details
  - Request a cheque book
  - Request transaction details
  - Pay bills just like online Web Bill Pay

SMS Banking Overview
http://palisade.plynt.com/issues/2005Sep/sms-banking/

SMS Advantages/Disadvantages
Advantages:
- Common messaging tool among consumers
- Works across all wireless operators
- Requires no software installation
- Real-time banking information
Disadvantages:
- Text-only and limited to 140-160 characters per message
- Does not offer a secure environment

Comparison Contrast

Services
Mobile.usaa.com / Text Messaging (SMS) / Mobile Banking Application
- Check Bank Balances: Quickly check your checking, savings and credit card account
- Check Prepaid Debit Card Balances: Quickly check your prepaid debit card account balances.
- Transfer Funds: Simply and securely transfer funds to and from your Checking, Savings and Investment accounts.
- Add Money to Prepaid Cards: Quickly add money to your USAA Prepaid Debit Cards for immediate access.
- Pay Bills: Pay your bills on the go. To pay non-USAA bills, set them up on USAA Web BillPay® first.
- View Transaction History: Review previous transactions on your checking, savings, and credit card accounts.
- View Insurance and Investments: Review your investment accounts, auto, property, and life insurance.
- Get Stock Quotes and Place Trades: Keep your investments at your fingertips — place trades and check order status instantly.
- Get Proof of Insurance: Need your auto ID card? Have it sent to you by email or fax.
- Privacy and Security: Encrypted data and PIN access ensures your security.

Mobile—Comparing the Technologies
Technology: Short Message Service (SMS), aka text messaging
  Pros: Ubiquitous; Natural for Alerts; Simple; Cost
  Cons: Feature Poor; Security; Cost
Technology: Wireless Application Protocol (WAP), aka microbrowser
  Pros: Carrier/Device Independent; Feature Rich
  Cons: Speed; Cumbersome experience; Browser Compatibility
Technology: Downloaded Software Application
  Pros: Fast; Best User Experience; Strong Security
  Cons: Installation Hurdle; Customer Support; Device Dependent

Downloaded Application vs. Mini
- ORCC Application (already loaded in memory): 5 keystrokes, 19 seconds
- ORCC Application (cold start): 5 keystrokes, 30 seconds
- Wells Fargo WAP: 62 keystrokes, 1 minute 19 seconds
- BofA WAP (device already registered): 56 keystrokes, 1 minute 19 seconds
- BofA WAP (w/o registered device): 84 keystrokes, 2 minutes 30 seconds
Time and number of keystrokes on a multi-tap keypad to view current balances.

M-Banking Security

Potential Mobile Security
Security Measures by Mobile Channel/Application:
SMS Security
- SMS is not secure – requires addition of encryption at both the cell phone and over the air to guarantee the same level of security as a Mobile Client Application
- Solution: SMS with Mobile Web or Secure SMS
Mobile Web Security
- Mobile Web is similar to PC-centric services that use HTTPS
- Limits storage risks
Mobile Application
- More secure channel due to implementation of strong authentication and encryption of sensitive data.
- Applications are a target and risk of mobile malware

Potential Threats
Potential Threats – Overview:
- Cloning
- Man-in-the-Middle Attack

Banks to Customers

Secure SMS
Secure SMS Protocol
- Integrity verification
- Encryption – Symmetric Key using One-Time Pad/Password
- User ID
- Message Digest – Hash value of the message content calculated by the server application and the mobile phone application.

Proposed Secure Design for SMS Mobile Banking
http://palisade.plynt.com/issues/2005Sep/sms-banking/

Secure Consumer Practices
Secure Consumer Protection
- Download only M-Banking applications from trusted sources
- 50+ fraudulent banking apps – Android Marketplace

Conclusion
- Evolution of Mobile Banking
- Mobile Applications
- Mobile Web Application Protocol (WAP)
- Mobile Banking via SMS
- Compare and Contrast Mobile Banking vs. On-Line Banking
- Securing the link from Banks to Customers
- Secure Consumer Practices

Mobile Banking in the News
Link – USAA Mobile Banking
YouTube - USAA Mobile Banking Consumer Protection

References
http://www.bankinfosecurity.com/articles.php?art_id=2085

Questions???

This note was uploaded on 08/29/2011 for the course CSC 607 taught by Professor Dr.pradipp.dey during the Spring '11 term at National.