1

What You Need To Know About Mobile Banking Security

What You Need To Know About Mobile Banking Security

Rajesh JayaramanCTO

3

We’re glad you’re here! We’ll start soon. A video of this presentation will be sent to you next week. Email questions to: info@andera.com

While you’re waiting, register for our next webinar:

How Credit Unions Can Engage the Youth MarketWed, Nov 28, 2012 2:00-3:00 PM ESThttp://bit.ly/EngageYouthWith Tim McAlpine, President of Currency Marketing & Laurie McLachlan, VP Marketing at Andera

Hello!

Our Mission

To simplify deposit account opening and loan origination across all banking channels for customers or members and the employees who serve them

2004 2005 2006 2007 2008 2009 2010 2011 2012

2 10 23 3758

82111

143

193232

260

358379

443

508 520550

Our History

o Opened the first deposit account online for Bank Rhode Island in 2004

o Industry leader with 550+ financial institution customers

o In 2011, acquired oFlows platform, a four-time Finovate Best of Show winner for mobile, multichannel user experience

Our Clients

Platform

Product

Features

Our Integrations

Product

Solution oFlows Online

Deposits

Loans

Forms DepositsLoans

Forms

oFlows Branch

Our Product: Andera oFlows

Mobile Is Here and It’s Real

0

500

1000

1500

2000

2500

3000

2009 2010 2011 2012E 2013E 2014E 2015E0

500

1000

1500

2000

2500

3000

Data Source: Mary Meeker’s 2012 “State of the Internet” Report

Global Installed Base By Device

Mobile for Customer Acquisition

Data Source: Andera

Security Is a Barrier to Adoption

Very Safe Somewhat Safe

Somewhat Unsafe

Very Unsafe Don’t know 0.0%

10.0%

20.0%

30.0%

40.0%

50.0%

60.0%

TotalUsersNon Users

Data Source: Federal Reserve Board Mobile Financial Services Survey 2012

How would you currently rate the overall security of mobile banking for protecting your personal information?

The Nature of Mobile Threats

A computer in every pocket changes the nature of threats:

Devices can be stolen or lost

Work and personal devices are co-mingled

Small screen means security cues are more subtle

Many threats are the same: Phishing or Social

Engineering Malware Man in the Middle or Man

in the Browser Good Old-fashioned Fraud

The Nature of Mobile Threats

DO: Implement All Web Security Measures

o Mobile banking sits on top of online banking infrastructure

o All network and server-side protections remain relevant:

Perimeter Network Servers Application Data

DON’T: Trust the Mobile Device

o Devices can be compromised, stolen, jail-broken, infected or impersonated

o Treat all information that comes from the device as suspect and validate

o If you rely on the device for any security, ensure that you repeat those steps on the server as well

o Storing any sensitive information on the device, even encrypted, is a bad idea

DO: Encrypt All Communications

o Untrusted and impersonated Wi-fi networks are everywhere

o Cellular networks do not offer any security guarantees

o If you use a native app, Ensure that server certificate is not spoofed Ensure that the app communicates with only your server

o If you use the mobile web, always use HTTPS And disable unencrypted access to your application

DO: Use Capabilities to Enhance Security

o Smart devices have a variety of features that can enhance your security and compliance:

GPS Device geo-location better than IP geo-location

Camera Document uploads Video could be more secure than phone in your call center

channel NFC, QR Codes etc.

o Caution: Use all these features, but don’t trust them

Native Apps vs. Mobile Web

Native Apps Mobile Web Access advanced device

capabilities sooner than Mobile web

Complex attack surfaces (device compromise, spoofed apps in app store etc.)

Getting it right is hard

Get advance capabilities last – still no camera access from browser in iOS!

Rich body of knowledge on building and running secure web applications

Choose wisely!

Andera is leading the trend to introduce mobile devices into the origination process. Sign documents on the

touchscreen, capture supporting documents with the camera, all from the branch or from home. An otherwise

complex process converges down to a single device. Most importantly, users absolutely love the experience.

Mobile @ Andera

21

Thanks for Listening. A video of this presentation will be sent to you next week. Email questions to: info@andera.com. Check out what’s up next:

oFlows Demo for Symitar Clients Mon, Nov 19, 2012 1:00-2:00 PM ESThttp://bit.ly/SymitarDemo

Questions & Wrap Up

oFlows Demo for Ultradata ClientsMon, Nov 19, 2012 2:30-3:30 PM ESThttp://bit.ly/UltradataDemo

How Credit Unions Can Engage the Youth MarketWed, Nov 28, 2012 2:00-3:00 PM ESThttp://bit.ly/EngageYouthWith Tim McAlpine, President of Currency Marketing & Laurie McLachlan, VP Marketing at Andera