13
Mobile Banking Security Joe LoBianco, CISSP, CISM Moderator: Illena Armstrong, editor-in- chief, SC Magazine

Mobile Banking Security

  • Upload
    ardith

  • View
    72

  • Download
    0

Tags:

Embed Size (px)

DESCRIPTION

Mobile Banking Security. Joe LoBianco, CISSP, CISM Moderator: Illena Armstrong, editor-in-chief, SC Magazine. Presentation Agenda. What is the current state of mobile computing? What are consumer attitudes toward mobile banking? Is mobile banking secure? What could the future hold?. - PowerPoint PPT Presentation

Citation preview

Page 1: Mobile Banking Security

Mobile Banking Security

Joe LoBianco, CISSP, CISM Moderator: Illena Armstrong, editor-in-chief, SC Magazine

Page 2: Mobile Banking Security

Presentation Agenda

What is the current state of mobile computing?What are consumer attitudes toward mobile banking?Is mobile banking secure?What could the future hold?

Page 3: Mobile Banking Security

Current State of Mobile Computing

Industry is in a state of flux – mobile devices are evolving rapidly

Page 4: Mobile Banking Security

iPhone60%

BlackBerry10%

Other10%

Android20%

Smartphone Usage Trends

May 2010 Mobile Web Usage:

• What will this look like in 2011?– Does Windows Phone 7 change anything?

Source: Quantcast

Page 5: Mobile Banking Security

Mobile Banking Today

10 Million Mobile Banking

Subscribers22 Million Mobile

Banking Subscribers

Source: ABI Research

Page 6: Mobile Banking Security

Consumer Attitudes towards Mobile Banking

Only 19% of Canadian Consumers feel comfortable with mobile banking

Why are the other 81% not comfortable?

Source: KPMG

Page 7: Mobile Banking Security

Is this Consumer Attitude Justified?

Virtually all mobile threats have originated from fake apps, with little consumer impact

VS.

Page 8: Mobile Banking Security

Hacker’s Magic Quadrant

Why spend time on difficult and low return activities when there are easy ones with higher returns?

Ease of Attack/Likelihood

Rew

ard/

Impa

ct

Waste of time

Easy money

Hacker’s Magic Quadrant

Page 9: Mobile Banking Security

Today’s Mobile Banking Threats

Threat Vector Applicability to Mobile

PhishingFake AppsTargeted Malware (Attachments, URLs,etc.)Drive-by Malware

Phishing and fake apps pose a threat to mobile bankingOther types of malware have yet to emerge as an active threat

Page 10: Mobile Banking Security

Drive-by Malware In More Depth

What is it?Malware that installs without user intervention

Why is it such a threat?Users can be infected by visiting legit sites without taking any action

Conditions for success:Browsers or web plug-ins with lots of vulnerabilities, preferably found very oftenCommon OS baseCommon hardware platform

As of today, this remains a significant threat for PCs, but not for mobile devices

Page 11: Mobile Banking Security

Bringing it all together...

Hacker’s Magic Quadrant

Easy money...

Waste of time ...

Page 12: Mobile Banking Security

Advice for Security Professionals

When doing an assessment of mobile banking:

Standard secure development practicesConduct Pen Test & code reviewWatch out for client side caching of data!

Protecting your users:Educate users on fake appsLock down devices, where possible

Page 13: Mobile Banking Security

Future - what does the crystal ball hold?


Mobile Banking

Mobile Banking

Economy & Finance
Solving for Compliance: Mobile app security for banking and financial services

Solving for Compliance: Mobile app security for banking and financial services

Mobile
Segment-Based Strategies for Mobile Banking -...Mobile Banking To

Segment-Based Strategies for Mobile Banking -...Mobile Banking To

Documents
Best Practices in Mobile Banking Security · Best Practices in Mobile Banking Security ... WITH THESE SIMPLE STEPS 1 Add a Mobile Security App • Research and install reputable mobile

Best Practices in Mobile Banking Security · Best Practices in Mobile Banking Security ... WITH THESE SIMPLE STEPS 1 Add a Mobile Security App • Research and install reputable mobile

Documents
SECURITY CHALLENGES FOR BANKS - Accenture · 3 | MOBILE BANKING APPLICATIONS: SECURITY CHALLENGES FOR BANKS The wealth of information stored on and transmitted via mobile devices

SECURITY CHALLENGES FOR BANKS - Accenture · 3 | MOBILE BANKING APPLICATIONS: SECURITY CHALLENGES FOR BANKS The wealth of information stored on and transmitted via mobile devices

Documents
Mobile Banking In Bangladesh - …purnotabd.weebly.com/uploads/7/9/5/2/7952316/mobile...Introduction Mobile Banking: Mobile banking (also known as M-Banking, m-banking, SMS Banking)

Mobile Banking In Bangladesh - …purnotabd.weebly.com/uploads/7/9/5/2/7952316/mobile...Introduction Mobile Banking: Mobile banking (also known as M-Banking, m-banking, SMS Banking)

Documents
CLX.MAP & Mobile Security - Security - Speedtest | cnlab · Agenda 2 Digital Banking Mobile Banking Apps CLX.MAP Mobile Security App Hardening Is my App Secure?

CLX.MAP & Mobile Security - Security - Speedtest | cnlab · Agenda 2 Digital Banking Mobile Banking Apps CLX.MAP Mobile Security App Hardening Is my App Secure?

Documents
Security risks in mobile banking

Security risks in mobile banking

Software
Mobile Banking Security: Challenges, Solutions

Mobile Banking Security: Challenges, Solutions

Documents
Mobile Banking Security - Praetorian Security Blog · mobile remote deposit capture, ... and configuration setting weaknesses in the Project Neptune security test cases ... MOBILE

Mobile Banking Security - Praetorian Security Blog · mobile remote deposit capture, ... and configuration setting weaknesses in the Project Neptune security test cases ... MOBILE

Documents
What You Need To Know About Mobile Banking Security

What You Need To Know About Mobile Banking Security

Economy & Finance
Security Architectures of Mobile Systems · 2015. 6. 4. · • Application security –e.g. Internet banking • Protocol security –e.g. how to achieve security goals by executing

Security Architectures of Mobile Systems · 2015. 6. 4. · • Application security –e.g. Internet banking • Protocol security –e.g. how to achieve security goals by executing

Documents
Security (In)Dependence of Mobile and Internet Bankingcrypto.hyperlink.cz/files/rosa_ict2013.pdf · Security (In)Dependence of Mobile and Internet Banking. ... BlackHat DC 2011.

Security (In)Dependence of Mobile and Internet Bankingcrypto.hyperlink.cz/files/rosa_ict2013.pdf · Security (In)Dependence of Mobile and Internet Banking. ... BlackHat DC 2011.

Documents
VP Bank e-banking · PDF file2 | VP Bank e-banking | Mobile Token Mobile Token In VP Bank e-banking, you use state-of-the-art security procedures to authorise your banking

VP Bank e-banking · PDF file2 | VP Bank e-banking | Mobile Token Mobile Token In VP Bank e-banking, you use state-of-the-art security procedures to authorise your banking

Documents
Mobile Banking Security Risks and Consequences iovation2015

Mobile Banking Security Risks and Consequences iovation2015

Software
State of Mobile Security in Banking Whitepaper SyniverseV2docs.bankinfosecurity.com/files/whitepapers/pdf/... · The State of Mobile Security in Banking and Financial Transactions

State of Mobile Security in Banking Whitepaper SyniverseV2docs.bankinfosecurity.com/files/whitepapers/pdf/... · The State of Mobile Security in Banking and Financial Transactions

Documents
AIR BOND Keychain - Simply better mobile banking security for ordinary people

AIR BOND Keychain - Simply better mobile banking security for ordinary people

Technology
State of Mobile Security in Banking Whitepaper SyniverseV2

State of Mobile Security in Banking Whitepaper SyniverseV2

Documents
GSM BASED BANKING SECURITY SYSTEM - … BASED BANKING SECURITY SYSTEM ... ( Global System for Mobile ... The GSM network can be divided into three broad parts

GSM BASED BANKING SECURITY SYSTEM - … BASED BANKING SECURITY SYSTEM ... ( Global System for Mobile ... The GSM network can be divided into three broad parts

Documents
Detection and Prevention of security vulnerabilities associated with mobile banking applications

Detection and Prevention of security vulnerabilities associated with mobile banking applications

Documents
Online Banking, Mobile Banking, Mobile Introduction Eagle... · Mobile Banking. Mobile Banking is a personal financial information management service that allows you to view your

Online Banking, Mobile Banking, Mobile Introduction Eagle... · Mobile Banking. Mobile Banking is a personal financial information management service that allows you to view your

Documents
Top 7 Mobile Banking Security Tips

Top 7 Mobile Banking Security Tips

Software
BML Internet Banking and BML Mobile Banking TERMS & CONDITIONS · PDF file21 BML Internet Banking and BML Mobile Banking ... BML Internet Banking and BML Mobile Banking; Passcode

BML Internet Banking and BML Mobile Banking TERMS & CONDITIONS · PDF file21 BML Internet Banking and BML Mobile Banking ... BML Internet Banking and BML Mobile Banking; Passcode

Documents
INNOVATION OPEN BANKING CLOUD NEW COOL TECH REAL … · MOBILE BANKING 2018-…. OPEN BANKING . API Platform: Way of working, Technology, Security Innovation & Growth: ... PowerPoint

INNOVATION OPEN BANKING CLOUD NEW COOL TECH REAL … · MOBILE BANKING 2018-…. OPEN BANKING . API Platform: Way of working, Technology, Security Innovation & Growth: ... PowerPoint

Documents
Mobile Banking Security - VUrOREvurore.nl/images/vurore/downloads/1073-Ashraf.pdfMobile Banking Security A security model Imran Ashraf MSc – imran.ashraf@gmail.com Post Graduate

Mobile Banking Security - VUrOREvurore.nl/images/vurore/downloads/1073-Ashraf.pdfMobile Banking Security A security model Imran Ashraf MSc – [email protected] Post Graduate

Documents
BANKWORLD MOBILE - CR2 omnichannel banking software ... · banking BankWorld mobile also provides enhanced security measures for customers using mobile banking. Through SMS verification,

BANKWORLD MOBILE - CR2 omnichannel banking software ... · banking BankWorld mobile also provides enhanced security measures for customers using mobile banking. Through SMS verification,

Documents
MOBILE BANKING SECURITY (MBS) ISSUES & DEVELOPMENTS

MOBILE BANKING SECURITY (MBS) ISSUES & DEVELOPMENTS

Documents
Access Control & End-to-End Security Access Control & End-to-End Security E-Government Payphone Banking & Loyalty Banking & Loyalty Mobile Communications

Access Control & End-to-End Security Access Control & End-to-End Security E-Government Payphone Banking & Loyalty Banking & Loyalty Mobile Communications

Documents
ang Seng Business e-Banking User Guide Mobile Security Key

ang Seng Business e-Banking User Guide Mobile Security Key

Documents
CLX.MAP & Mobile Security - CSI Consulting · Agenda 2 Digital Banking Mobile Banking Apps CLX.MAP Mobile Security App Hardening Is my App Secure?

CLX.MAP & Mobile Security - CSI Consulting · Agenda 2 Digital Banking Mobile Banking Apps CLX.MAP Mobile Security App Hardening Is my App Secure?

Documents