A mobile device might be lost, stolen, or hacked, and


k, or in the back-end systems, be they banking, payments, retail, or insurance. A mobile device might be lost, stolen, or hacked, and the person using it might not be its legitimate owner. Mobile networks might be intercepted either by breaking the wireless encryption mechanism or by hacking into the wired backbone of the network where encryption is not mandatory under telecommunications standards. IT malware that compromises back-end servers but is harmless in the wireless environment might be passed through the mobile banking interface. Therefore, a strategy of “defense in depth” is needed to protect each of these levels, and to make them resilient to attacks elsewhere in the infrastructure.

It is also important for the mobile and Internet banking security communities to work together. Although the means of attack are channel-specific, the business-level threats are the same. For example, as mobile banking services become more powerful, the two channels will move toward being alternative interfaces to a common service. This will create the danger of crossover threats where weaknesses in one interface could be used to attack the other.

Use-case scenarios are crucial for designing good security. To be effective, security has to be deeply embedded both in the business logic of the use cases and in the technology. Designers will have to make mobile services easy to use to make the service attractive and viable, and security must not detract from usability. The service must also be available whenever the user has an urgent need for it.

worth considering comparatively low-tech solutions to minimize the risk of a fraudulent transaction occurring (for example, by phoning the customer and asking them questions only they would be able to answer).

A proactive approach is required from vendors and enterprises alike

Just as enterprises should think in terms of use-case scenarios and the vulnerabilities they might be subject to, security vendors need to be more proactive in protecting against threats to mobile applications. Adding security protection to new smartphones and other mobile devices before they are compromised makes sense on a number of levels, not least the building up of the security expertise that will be needed as a...

This document was uploaded on 12/31/2013.
