What You Need To Know About Mobile Banking Security
Rajesh Jayaraman, CTO
We’re glad you’re here! We’ll start soon. A video of this presentation will be sent to you next week. Email questions to: [email protected]
While you’re waiting, register for our next webinar:
How Credit Unions Can Engage the Youth Market
Wed, Nov 28, 2012 2:00-3:00 PM EST
http://bit.ly/EngageYouth
With Tim McAlpine, President of Currency Marketing & Laurie McLachlan, VP Marketing at Andera
Hello!
Our Mission
To simplify deposit account opening and loan origination across all banking channels for customers or members and the employees who serve them
[Chart: yearly axis, 2004-2012]
Our History
o Opened the first deposit account online for Bank Rhode Island in 2004
o Industry leader with 550+ financial institution customers
o In 2011, acquired oFlows platform, a four-time Finovate Best of Show winner for mobile, multichannel user experience
Our Clients
Platform
Product
Features
Our Integrations
[Diagram labels: Product, Solution, oFlows Online, oFlows Branch, Deposits, Loans, Forms]
Our Product: Andera oFlows
Mobile Is Here and It’s Real
[Chart: x-axis 2009 to 2015E; y-axis 0 to 3000]
Data Source: Mary Meeker’s 2012 “State of the Internet” Report
Global Installed Base By Device
Mobile for Customer Acquisition
Data Source: Andera
Security Is a Barrier to Adoption
[Chart: responses (Very Safe, Somewhat Safe, Somewhat Unsafe, Very Unsafe, Don’t know) as a percentage from 0.0% to 60.0%, for three groups: Total, Users, Non Users]
Data Source: Federal Reserve Board Mobile Financial Services Survey 2012
How would you currently rate the overall security of mobile banking for protecting your personal information?
The Nature of Mobile Threats
A computer in every pocket changes the nature of threats:
o Devices can be stolen or lost
o Work and personal devices are co-mingled
o Small screen means security cues are more subtle
Many threats are the same:
o Phishing or Social Engineering
o Malware
o Man in the Middle or Man in the Browser
o Good Old-fashioned Fraud
DO: Implement All Web Security Measures
o Mobile banking sits on top of online banking infrastructure
o All network and server-side protections remain relevant:
  Perimeter, Network, Servers, Application, Data
DON’T: Trust the Mobile Device
o Devices can be compromised, stolen, jail-broken, infected or impersonated
o Treat all information that comes from the device as suspect and validate
o If you rely on the device for any security, ensure that you repeat those steps on the server as well
o Storing any sensitive information on the device, even encrypted, is a bad idea
DO: Encrypt All Communications
o Untrusted and impersonated Wi-Fi networks are everywhere
o Cellular networks do not offer any security guarantees
o If you use a native app, ensure that the server certificate is not spoofed and that the app communicates with only your server
o If you use the mobile web, always use HTTPS and disable unencrypted access to your application
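The two native-app checks on this slide (server certificate not spoofed, app talks only to your server), sketched as an added example that is not code from the presentation or from Andera. The host name `mobile.bank.example` and the pinned bytes are constructed placeholders, and Python stands in here for the mobile platform's own TLS API.

```python
import hashlib
import hmac
import socket
import ssl

# Assumptions for this example: constructed placeholder host and certificate bytes.
ALLOWED_HOST = "mobile.bank.example"
SAMPLE_CERT_DER = b"constructed sample bytes standing in for a DER certificate"
# Fingerprints shipped inside the app; here derived from the sample bytes.
PINNED_SHA256 = {hashlib.sha256(SAMPLE_CERT_DER).hexdigest()}


def host_allowed(host: str) -> bool:
    """The app talks to exactly one server; any other host is refused."""
    return host.lower().rstrip(".") == ALLOWED_HOST


def cert_is_pinned(cert_der: bytes, pins=PINNED_SHA256) -> bool:
    """Compare the SHA-256 of the presented certificate with the shipped pins."""
    digest = hashlib.sha256(cert_der).hexdigest()
    return any(hmac.compare_digest(digest, pin) for pin in pins)


def open_pinned(host: str, port: int = 443, timeout: float = 5.0) -> ssl.SSLSocket:
    """Open a TLS socket that passes CA validation, hostname check and the pin."""
    if not host_allowed(host):
        raise ValueError(f"refusing to connect to unexpected host {host!r}")
    ctx = ssl.create_default_context()  # CA chain and hostname verification stay on
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    raw = socket.create_connection((host, port), timeout=timeout)
    try:
        tls = ctx.wrap_socket(raw, server_hostname=host)
    except Exception:
        raw.close()
        raise
    # A certificate that chains to a trusted CA but is not ours still fails here.
    if not cert_is_pinned(tls.getpeercert(binary_form=True)):
        tls.close()
        raise ssl.SSLError("server certificate does not match any pinned fingerprint")
    return tls
```

The pin is checked in addition to normal CA and hostname validation, not instead of it, and the shipped pin set needs a backup entry so a certificate rotation does not lock the app out.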
DO: Use Capabilities to Enhance Security
o Smart devices have a variety of features that can enhance your security and compliance:
  GPS: device geo-location better than IP geo-location
  Camera: document uploads; video could be more secure than phone in your call center channel
  NFC, QR Codes, etc.
o Caution: Use all these features, but don’t trust them
Native Apps vs. Mobile Web
Native Apps:
o Access advanced device capabilities sooner than mobile web
o Complex attack surfaces (device compromise, spoofed apps in app store, etc.)
o Getting it right is hard
Mobile Web:
o Get advanced capabilities last – still no camera access from browser in iOS!
o Rich body of knowledge on building and running secure web applications
Choose wisely!
Andera is leading the trend to introduce mobile devices into the origination process. Sign documents on the
touchscreen, capture supporting documents with the camera, all from the branch or from home. An otherwise
complex process converges down to a single device. Most importantly, users absolutely love the experience.
Mobile @ Andera
Thanks for Listening. A video of this presentation will be sent to you next week. Email questions to: [email protected]. Check out what’s up next:
oFlows Demo for Symitar Clients
Mon, Nov 19, 2012 1:00-2:00 PM EST
http://bit.ly/SymitarDemo
Questions & Wrap Up
oFlows Demo for Ultradata Clients
Mon, Nov 19, 2012 2:30-3:30 PM EST
http://bit.ly/UltradataDemo
How Credit Unions Can Engage the Youth Market
Wed, Nov 28, 2012 2:00-3:00 PM EST
http://bit.ly/EngageYouth
With Tim McAlpine, President of Currency Marketing & Laurie McLachlan, VP Marketing at Andera