
October 10, 2013

Comments


Simon

Again Amen,

The phone is the single greatest thing to happen to Fraud PREVENTION since someone invented a safe.

To add to your list, you also have the camera for facial recognition, voice biometrics, the device itself (IMEI, DeviceID, Device Fingerprint). Things like Trusted Zone from ARM becoming standard...

The people who develop the mobile apps need to think about how to use these to combine a strong user experience and improve fraud prevention. Fraud prevention has been lazy in my view, and turns into business prevention.

+1 for getting more creative!

Paul

Maximally unknown dynamic assemblies of behavio- and biometrics is the likely next step. Main challenge is transferable rights and multiple personas/avatars.

George Raad

Very interesting conversation, which I am very familiar with. My company has developed the World's smallest GPS Wristband with all the functions of a smart phone. I do not want this post to sound like some kind of a cheap sales pitch, however, we are advancing the use of Mobile Communications in a way that will revolutionize the industry. We are months away from releasing the Plasma Phone. What is it? It is a fully operational Wearable Mobile Network that communicates via GSM Networks around the world. The greatest advantage is this device has absolutely no plastic and is fully conformable to anyone, It Is Liquid!! This device ensures security for the highest levels. It can be used as a geolocator, Fingerprint Verifier, heartbeat monitor even retina scanning. It has 2 way voice communication abilities and your conversations are always kept private via a RF earpiece that is placed BEHIND the ear not in the ear. Watch for it in the coming Months. I am very open to answering any questions anyone has and explain this technology in greater detail.

Hugh

Agreed, this is constructive. It's useful to know where the customer is and be able to enforce elevated authentication, but I don't believe it's the complete answer as it overlooks an important point about mobile malware.

Depending on the specific technology (e.g. Android vs iOS vs WinPhone) smartphones and other mobile devices are susceptible to (and the target of) online banking malware. Cyber criminals make a lot of money from online banking fraud and are focussing significant effort on developing this malware.

Just like banking malware on traditional PCs, mobile malware is capable of keylogging, initiating transactions without the customer's knowledge and intercepting text messages to authenticate fraudulent transactions. There are publicly reported losses of about £30M across many European banks in the second half of 2012 (just search for malware known as 'Eurograbber'). Right now there doesn't seem to be a reliable way to confirm that a device isn't compromised.

So in short you can't just rely on authenticating the mobile device or even authenticating the customer - you also need to consider authenticating the specific transaction, preferably using some method that can't be influenced by malware on a compromised mobile device. The key seems to be making this more customer-friendly than a separate token or whatever.
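
The distinction drawn in the last comment, between authenticating the customer and authenticating the specific transaction, shown as an added example that is not part of the thread or any commenter's code. It assumes the confirmation code is computed and displayed on a path the compromised phone cannot alter; the key, account identifiers, amounts and function names are constructed for illustration.

```python
import hashlib
import hmac
import struct

def _truncate(digest: bytes, digits: int = 6) -> str:
    # RFC 4226 dynamic truncation of an HMAC digest to a short decimal code.
    offset = digest[-1] & 0x0F
    value = struct.unpack(">I", digest[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)

def session_otp(key: bytes, counter: int) -> str:
    # HOTP-style code: proves possession of the key, says nothing about the payment.
    mac = hmac.new(key, struct.pack(">Q", counter), hashlib.sha1).digest()
    return _truncate(mac)

def transaction_code(key: bytes, counter: int, payee: str, amount_pence: int) -> str:
    # Code bound to the payee and amount the customer actually saw and approved.
    # Length-prefixing the payee keeps the encoding unambiguous.
    p = payee.encode()
    msg = struct.pack(">QH", counter, len(p)) + p + struct.pack(">Q", amount_pence)
    return _truncate(hmac.new(key, msg, hashlib.sha256).digest())

def bank_accepts_session(key: bytes, counter: int, otp: str) -> bool:
    # Customer-only check: the transaction details play no part.
    return hmac.compare_digest(session_otp(key, counter), otp)

def bank_accepts_transaction(key, counter, payee, amount_pence, code) -> bool:
    # The bank recomputes the code over the details it RECEIVED.
    expected = transaction_code(key, counter, payee, amount_pence)
    return hmac.compare_digest(expected, code)

def demo() -> dict:
    key = b"constructed-demo-key"             # constructed sample secret
    approved = ("GB00DEMO0001", 5000)         # what the customer confirmed
    tampered = ("GB00DEMO9999", 500000)       # what altered traffic would submit
    otp = session_otp(key, 7)
    code = transaction_code(key, 7, *approved)
    return {
        # A valid login code accompanies the altered payment just as well.
        "session_otp_with_tampered_payment": bank_accepts_session(key, 7, otp),
        "bound_code_genuine": bank_accepts_transaction(key, 7, *approved, code),
        "bound_code_tampered": bank_accepts_transaction(key, 7, *tampered, code),
    }

if __name__ == "__main__":
    for name, accepted in demo().items():
        print(f"{name}: {accepted}")
```
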
