Successfully reported this slideshow.
We use your LinkedIn profile and activity data to personalize ads and to show you more relevant ads. You can change your ad preferences anytime.

What You Need To Know About Mobile Banking Security


Published on

Rajesh Jayaraman, CTO of Andera and veteran financial technology developer, discusses the key security concerns raised by the use of mobile devices in retail banking, and what you can do to address them. To hear the audio please visit this link:

Published in: Economy & Finance, Business
  • Be the first to comment

What You Need To Know About Mobile Banking Security

  1. 1. What You Need To Know AboutMobile Banking Security1
  2. 2. What You Need To Know AboutMobile Banking SecurityRajesh JayaramanCTO
  3. 3. Hello!We’re glad you’re here! We’ll start soon. A video of this presentation will be sentto you next week. Email questions to: How Credit Unions Can Engage the Youth MarketWhile you’re waiting, register for Wed, Nov 28, 2012 2:00-3:00 PM ESTour next webinar: With Tim McAlpine, President of Currency Marketing & Laurie McLachlan, VP Marketing at Andera
  4. 4. Our MissionTo simplify deposit account opening and loanorigination across all banking channels forcustomers or members and the employees whoserve them
  5. 5. Our History 550o Opened the first deposit account online for 508 520 Bank Rhode Island in 2004 443o Industry leader with 550+ financial institution customers 379 358o In 2011, acquired oFlows platform, a four-time Finovate Best of Show winner for 260 232 mobile, multichannel user 193 experience 143 111 82 58 23 37 2 10 2 2 2 2 2 2 2 2 2
  6. 6. Our Clients
  7. 7. Our IntegrationsPlatform FeaturesProduct
  8. 8. Our Product: Andera oFlows oFlowsSolution oFlows Online Branch Deposits Forms Deposits Forms Loans LoansProduct
  9. 9. Mobile Is Here and It’s Real 30003000 Global Installed Base By Device 25002500 20002000 15001500 10001000 Data Source: Mary 500 500 Meeker’s 2012 “State of the Internet” Report 0 0 2009 2010 2011 2012E 2013E 2014E 2015E
  10. 10. Mobile for Customer Acquisition Data Source: Andera
  11. 11. Security Is a Barrier to Adoption How would you currently rate the overall security of mobile60.0% banking for protecting your personal information?50.0% Total40.0% Users30.0% Non Users20.0% Data Source: Federal Reserve10.0% Board Mobile Financial Services Survey 2012 0.0% Very Safe Somewhat Safe Somewhat Unsafe Very Unsafe Don’t know
  12. 12. The Nature of Mobile ThreatsA computer in every pocketchanges the nature of threats:  Devices can be stolen or lost  Work and personal devices are co-mingled  Small screen means security cues are more subtle
  13. 13. The Nature of Mobile ThreatsMany threats are the same:  Phishing or Social Engineering  Malware  Man in the Middle or Man in the Browser  Good Old-fashioned Fraud
  14. 14. DO: Implement All Web Security Measureso Mobile banking sits on top of online banking infrastructureo All network and server-side protections remain relevant:  Perimeter  Network  Servers  Application  Data
  15. 15. DON’T: Trust the Mobile Deviceo Devices can be compromised, stolen, jail- broken, infected or impersonatedo Treat all information that comes from the device as suspect and validateo If you rely on the device for any security, ensure that you repeat those steps on the server as wello Storing any sensitive information on the device, even encrypted, is a bad idea
  16. 16. DO: Encrypt All Communicationso Untrusted and impersonated Wi-fi networks are everywhereo Cellular networks do not offer any security guaranteeso If you use a native app,  Ensure that server certificate is not spoofed  Ensure that the app communicates with only your servero If you use the mobile web, always use HTTPS  And disable unencrypted access to your application
  17. 17. DO: Use Capabilities to Enhance Securityo Smart devices have a variety of features that can enhance your security and compliance:  GPS  Device geo-location better than IP geo-location  Camera  Document uploads  Video could be more secure than phone in your call center channel  NFC, QR Codes etc.o Caution: Use all these features, but don’t trust them
  18. 18. Native Apps vs. Mobile Web
  19. 19. Native Apps Mobile Web Access advanced device  Get advance capabilities capabilities sooner than last – still no camera Mobile web access from browser in Complex attack surfaces iOS! (device  Rich body of knowledge compromise, spoofed on building and running apps in app store etc.) secure web applications Getting it right is hard Choose wisely!
  20. 20. Mobile @ Andera Andera is leading the trend to introduce mobile devices into the origination process. Sign documents on the touchscreen, capture supporting documents with the camera, all from the branch or from home. An otherwise complex process converges down to a single device. Most importantly, users absolutely love the experience.
  21. 21. Questions & Wrap Up Thanks for Listening. A video of this presentation will be sent to you next week. Email questions to: Check out what’s up next: oFlows Demo for Symitar Clients How Credit Unions Can Engage the Youth Market Mon, Nov 19, 2012 1:00-2:00 PM EST Wed, Nov 28, 2012 2:00-3:00 PM EST oFlows Demo for Ultradata Clients With Tim McAlpine, President of Currency Mon, Nov 19, 2012 2:30-3:30 PM EST Marketing & Laurie McLachlan, VP Marketing at Andera21