The document discusses mobile payments fraud and security issues. It provides an overview of mobile payments and analyzes threats and vulnerabilities. It then discusses fraud risk and mitigation strategies, and the regulatory outlook for mobile banking and payments. Key points include that mobile payments already represent over 6% of online retail purchases, and smartphone owners are willing to use security services like antivirus and data encryption. Major brands like Visa and PayPal are most trusted with financial information. The document uses a methodology based on NIST guidelines to assess threats and vulnerabilities, rate controls, and make recommendations to address control gaps and long-term risks.
The document discusses mobile payment security trends for the future. It predicts that pre and post authorization tokens will expand as more businesses accept mobile payments. Security will remain an issue as cyber criminals target mobile opportunities and mobile payments are expected to triple in the US in 2016. Businesses need to assess security, prepare for possible attacks, and implement tokenization to protect against data breaches as mobile payments rise.
In September 2014, CG surveyed 1,005 U.S. consumers online and conducted qualitative phone interviews with ten financial services executives at the top 20 U.S. financial institutions, to understand how mobile banking and the shift of mobile device size (tablets getting smaller, smartphones getting larger) will influence how Americans do their banking in the 21st century. This presentation details the findings of this research.
To receive a copy of the white paper, due out in March 2015, please email insight@cgcginc.com. For more information about CG’s Digital Practice, please visit https://www.carlisleandgallagher.com/insights/research-insights or follow #CGDigital on Twitter.
Brett King Presents The Future of Banking in an exclusive Backbase webinar.
The future of banking will not be about a place you go, about branch networks, rates or product features. The future of banking is in the utility and connectedness with customers.
In this exclusive Backbase BANK 2.0 webinar, the bestselling author of BANK 2.0 discusses how the very nature of banking is changing, and how customers' expectations, customer behavior and context will force banks to reboot the way they work with their customers.
Highlights of this webinar include:
The Changing Behavior of Customers
The Generational Cliff – when your customers are all gone
The Loss of Physicality – No Paper, No Plastic
The New Utility – Connected, Contextual, Fun, and Fair
The New Banking Ecosystem – BANK 1.0 versus BANK 2.0
Compete Financial Services: Mobile Money (amainecompete)
Mobile money adoption is highest for banking at 54% and lowest for auto insurance at 17%. While awareness of mobile money services is high, the likelihood of adopting them in the next 3 months is low. Once adopted, mobile money services see frequent use. Mobile ads have a high clickthrough rate of 19%. Marketers should focus on increasing adoption, addressing connectivity issues, and promoting mobile money services within apps.
We were asked to give a mobile banking planning/education chat with some agency folk here in NYC. This is a version of that deck/convo.
"A growing polarization between leaders and laggards as visionary financial institutions rise to the challenge of calamity and move ahead of their weaker competitors. Mobile represents a necessary step forward for all retail banks."
This document provides an overview and analysis of the mobile payments industry in June 2013. It discusses the size and growth forecasts of the global and US mobile payments markets. While mCommerce growth is expected to be realistic, proximity payments growth is more speculative. Consumer concerns about security and lack of perceived benefits are barriers. Digital wallets need to demonstrate strong security and additional value beyond tap-to-pay. International proximity payment adoption has also been underwhelming despite large NFC device install bases. Google is seen as the front runner in the US wallet war but faces challenges, while card networks and banks may look to defend incumbent arrangements through partnerships and own wallet offerings.
Banking On Mobile - Getting Ready for 2016 (Swrve_Inc)
This document discusses how banking is moving towards mobile-first experiences. It provides the following key points:
1) Mobile banking usage is growing rapidly as people interact with banks mainly through their smartphones. Mobile interactions now exceed online interactions in many countries.
2) Younger customers especially millennials expect simple, fast mobile banking and are more likely to switch banks if their needs aren't met digitally.
3) Customers who actively use mobile banking are more engaged with their bank overall, conduct more transactions, and generate more revenue.
4) To succeed, banks need to simplify their offerings, solve customers' problems in the moment through personalized mobile experiences, and save them time. The future is about optimized
The document provides an overview of mobile payments including the history, advantages, and disadvantages. It discusses how mobile payment systems have evolved since the 1980s and become widespread in the 2010s. The main advantages mentioned are increased convenience, speed, and security compared to cash or credit cards. However, the document also notes potential disadvantages like outdated technology, difficulty reading terms and conditions on phones, and risks of phone theft.
[Industry Report] Indonesia Mobile games Phuong Vu
The mobile game industry in Indonesia is growing rapidly due to a young population and rising smartphone adoption. However, feature phones still account for 80% of the mobile market. Key points:
- The mobile game market is relatively immature compared to other Southeast Asian countries like Vietnam.
- Android dominates the smartphone market and platform, but Google Play does not support local developers' monetization.
- Top grossing mobile games are mostly from foreign publishers like Line, while local developers struggle without proper payment and distribution channels.
- Casual and strategy games are popular genres in Indonesia. There is room for more game diversity and innovation.
- Partnering with telcos is important for distribution and payments
Mobile Payment Value chain and Business Models (Stomar)
Mobile payment platforms can be categorized as mobile banking, remote purchases, person-to-person payments, and point-of-sale payments. For mobile payments to succeed, they need to alter consumer spending habits and be easy to use. While the concept seems promising, the business model reality check shows that the value chain players only see benefit if transaction and implementation costs are reduced and customer data access is provided. Near Field Communication (NFC) and SMS-based payments are the main technologies, but challenges remain around interoperability and security.
Payments landscape in Indonesia: an overview of players, value chain economics, market drivers and the competitive landscape. Indicator/introduction of the payments ecosystem in Southeast Asia/ASEAN.
A Roadmap for Mass Adoption of e-Payments in the Philippines (John Owens)
This document outlines a roadmap for mass adoption of e-payment services in the Philippines. It discusses how e-money has driven financial inclusion in other countries through increased access points like agents. Keys to adoption include ease of use, digital literacy, and trusted services. While the Philippines currently has low access points per capita compared to other nations, opportunities exist like shifting government payments to e-payments. The roadmap's vision is for widespread e-payment use through a supportive regulatory system and engaged stakeholders across government, businesses, and consumers. This would yield benefits like cost savings, transparency, and new markets through an expanded e-payment ecosystem and infrastructure.
There are four main business models for mobile financial services:
1) Bank-centric model where a bank deploys mobile payment applications and ensures merchant point-of-sale acceptance. Payments are processed over existing financial networks.
2) Operator-centric model where a mobile operator independently deploys mobile payment applications to devices and may integrate charges into wireless bills or use prepaid stored value.
3) Peer-to-peer model where an independent provider enables secure mobile payments between customers or customers and merchants without using traditional payment networks.
4) Collaboration model involving partnerships among banks, mobile operators, and other stakeholders managed by a potential third party to deploy mobile applications.
The payments industry is evolving rapidly and will continue to do so throughout 2016. Here are some of the top trends predicted to make an impact this year.
The Future of Mobile Banking: Building a Customer Experience That Starts and ... (Michael McEvoy)
Summary of annual mobile banking study of US banking customers. Based on 2013 study conducted during Q1. More than 3,000 participants. Includes slides on revenue opportunity, mobile photo bill pay, mobile account opening, voice authentication and voice recognition. Also includes analysis of usage of remote deposit capture. Shows the two key barriers to faster mobile adoption and what banks must do to overcome them.
Mobile wallets are digital versions of traditional wallets that store credit/debit card and loyalty program information that can be accessed via a smartphone app. While adoption has been slow in developed countries, mobile wallets are growing rapidly in developing nations and where many lack bank accounts. A survey in Bangladesh found that while 74% were unfamiliar with mobile wallets, 70% believed they will feel more comfortable using mobile wallets than traditional cards, though 55% cited security concerns. As technology advances and security improves, mobile wallets are expected to continue gaining widespread use globally.
This document discusses trends in mobile banking and financial services. Some key points:
- Mobile phone ownership has surpassed landline connections 6:1 globally, with 1.2 billion active mobile web users. Mobile revenue from advertising was $2.5 billion in 2011.
- Security concerns are a barrier to greater mobile banking adoption, as many banking apps do not offer strong security. Leading mobile banks like JP Morgan Chase are improving the user experience of their mobile banking offerings.
- Emerging technologies are enabling new ways of making person-to-person payments using just a smartphone camera to scan credit cards, or paying for online purchases in cash at local stores.
121010_Mobile Banking & Payments for Emerging Asia Summit 2012_Reviewing Grow... (spirecorporate)
The document discusses the growth of mobile wallet ecosystems in emerging markets. It identifies opportunities in the mobile wallet space for stakeholders, especially in underbanked or unbanked markets. Key control points for mobile wallets are identified as important for commercially viable growth.
Banking Disruption in Financial Services: Threats and Opportunities (DogTelligent)
There are three forces shaping the future of banking. Technology innovation is the first. For most traditional financial institutions -- banks and credit unions -- technology innovation is a weakness; instead, they rely on third-party firms ranging from established core providers to startups to provide them with a mix of products that they repackage and resell to their customers. Demographics is the second force. Millennials now account for 25% of the US population with 80 million and growing. The third force is the emergence of new business models on the one hand driven by Millennial demand and communication preferences, and on the other, enabled by new technologies as they are invented.
The report examines data from multiple sources and suggests potential defenses for institutions to fend off competitive threats from technology, retail, and telecom firms that are gaining traction in the payments and banking arenas.
Indonesia Digital Transformation Outlook Briefing 2016 (Mastel Indonesia)
Indonesia's e-commerce market is growing rapidly but still small compared to China and the US. Key drivers of growth include a young population, rising incomes, and increasing internet and mobile adoption. However, obstacles like poor infrastructure, limited banking access, and a preference for cash payments are hindering faster growth. The market is expected to consolidate as hybrid online-offline models emerge and mobile commerce increases its share. Online payments are predicted to surpass cash-on-delivery by the end of 2016 as more consumers adopt digital payment methods.
Carlisle & Gallagher Consulting Group predicts mobile payments will surge to 20% of U.S. payment transactions by 2020. Consumer apathy, sluggish merchant acceptance and lingering security concerns continue to slow near-term mobile wallet adoption.
This document summarizes a presentation on mobile banking given to Michigan bankers. It discusses the evolution of customer banking channels and the rise of mobile banking. It covers trends like the growing popularity of smartphone apps over SMS/WAP access. The presentation addresses whether banks should adopt mobile banking and considerations like costs, security, and demographic analysis. It provides tips on preventive security measures and discusses relevant regulatory guidance. The closing thoughts encourage banks to offer mobile banking to remain competitive despite implementation costs and security unknowns.
Reach Your Target Audiences, Strategies and Technologies in Mobile Advertising (Vivastream)
The document discusses mobile marketing trends based on research from AT&T AdWorks. Some of the key findings include:
- Nearly half of mobile phone users now own a smartphone, and smartphone ownership is projected to continue rising significantly. Tablet ownership is also growing rapidly.
- Multi-screen usage is common, with many consumers using additional devices like smartphones and tablets while watching TV.
- Mobile devices are frequently used in-store by consumers to research products, check prices, read reviews and use coupons.
- QR codes have seen limited adoption by consumers and marketers feel it was overused, while NFC shows more promise if barriers to usage can be lowered.
- Banner ads
Accenture Distribution and Agency Management Survey: Reimagining insurance di... (Accenture Insurance)
The global Distribution & Agency Management Survey draws insights from 400+ insurance distribution executives about connected devices, data and analytics, agent compensation and more. The research covers topics such as the customer experience, channel optimization, the changing role of agents and the Internet of Things, among others and how digital is affecting insurance distribution and customer interactions.
Banking and Modern Payments System Security Analysis (CSCJournals)
Cyber-criminals have benefited from on-line banking (OB), regardless of the extensive research on financial cyber-security. To be better prepared for what the future might bring, we try to predict how hacking tools might evolve. We briefly survey the state-of-the-art tools developed by black-hat hackers and conclude that they could be automated dramatically. To demonstrate the feasibility of our predictions and prove that many two-factor authentication schemes can be bypassed, we have analyzed banking and modern payments system security.
In this research we will review different payment protocols and security methods that are being used to run banking systems. We will survey some of the popular systems that are being used today, with a deeper focus on the Chips, cards, NFC, authentication etc. In addition, we will also discuss the weaknesses in the systems that can compromise the customer's trust.
Using mobile devices to complete payment transactions in stores is on the brink of mass adoption in North America. What's not clear yet is what technology will be the most popular and how these methods of payment will be secured. So far, security seems to be an afterthought in some early attempts at a mass-market approach to mobile payments - including one particular app that happens to have 12 million users and a glaring loophole.
Mobile Financial Services for the Next Billion Customers - Mobile Payments Se...Menekse Gencer
Mobile Payments Series Kickoff by mPayConnect. Co-hosted by Wharton MBA and HBS Tech Alumni Clubs in the San Francisco/Bay Area on Sept. 3, 2009. Author: Menekse Gencer
Mobile Wallet is a service that allows users to manage digitized values (offers, coupons, rewards within loyalty programs, ticketing, boarding passes, gift certificates, ID-cards or information about products and services) of different brands and makes it possible to make payments (with bank accounts, bank cards, and electronic money)
This document discusses security issues related to mobile payment systems. It begins by defining mobile payment and m-commerce. It then outlines some key technologies used in mobile payments like SMS, GPRS, and wireless protocols. It identifies several security problems with these technologies, such as the vulnerability of encryption algorithms used in GSM networks. Finally, it discusses other mobile payment technologies and their security challenges, like threats to near-field communication systems if not implemented securely. Understanding and addressing these security risks is important for gaining user adoption of mobile banking and payments.
Ar report from www.Fintechnews.sg about all Philippine Fintech Startups. Check out also the List here, http://fintechnews.sg/fintech-startups-philippines/
The document discusses current trends in mobile wallets. It defines a mobile wallet as an application that processes electronic payments and stores financial data on a mobile device. There are currently over 150 mobile wallet initiatives worldwide. The document outlines recent announcements regarding new wallet offerings and updates. It also examines consumer attitudes, finding that security and fragmented options have led to apathy. The document introduces a simple matrix to illustrate the current mobile wallet landscape and clusters of competitors. Finally, it predicts future trends such as consolidation in competitive clusters, new solutions focusing on alternative payments for consumers, and an intensifying battle between PayPal and Square to dominate the merchant mobile wallet space.
Mobile business 12 summary keynote wim decraene Accenture ruttens.com
The document discusses how mobile connectivity and usage is growing rapidly but few companies are successfully monetizing mobile apps and services. It outlines different business models for mobile apps, including paid downloads, subscriptions, and ad-funded models. While many large Belgian companies have mobile apps, very few generate revenue from them. The document argues that to be successful, companies need to create an enriched portfolio of mobile offerings, innovative models like daily deals and geo-location services, embrace cross-industry partnerships, and think big but start small and move fast with innovations. Privacy concerns also remain a barrier to mobile payments.
Mobile gaming economy Asia & Opportunity for Banks/Micro Transaction Processors Kabir Ahmad
The document discusses trends in the mobile gaming economy in Asia, including its current size of $15.6 billion, projected to grow to $19.1 billion. It notes that 92% of mobile app users play games and over half pay real money for virtual currency. The document recommends payment companies looking to enter the mobile gaming market focus on microtransaction solutions and commissions from facilitating in-game transactions of virtual goods, which currently make up 55% of mobile gaming monetization.
This document discusses the growing importance and opportunities of mobile marketing. It notes that mobile phone and tablet usage is increasing dramatically, with nearly 200 million mobile internet users in the US by 2016. Effective mobile marketing requires a closed-loop approach of understanding audiences, engaging them with targeted mobile ads, and driving responses through mobile transactions. However, there are challenges in measurement, proving ROI, delivering engaging content, and enabling transactions on mobile. Carriers are developing solutions to help marketers with audience understanding, targeted engagement, and driving mobile transactions. Privacy is also a key consideration, with transparency, choice and control being important.
A look at trends in mobile banking and whether a mobile app or mobile website makes more sense.
Lots of data from the Federal Reserve's March 2012 study.
Mobility In Retail Today: Connect With Customers To Drive More RevenueG3 Communications
Growing retail sales depends on your ability to create captivating shopping experiences. Join Cisco for this session where you’ll get insights on customer behavior and how to use mobility to transform store operations and increase profits. You’ll hear the latest research from the Cisco Consulting Services’ annual shopper survey about what moves the retail revenue needle and why. Plus Bob Friday, CTO of Cisco’s Wireless Networking Group, will discuss new ways to capture that revenue and deliver a superior customer experience with groundbreaking Wi-Fi and mobile technologies.
Getting Beyond the Hype-What’s Really Working In Mobile Marketing Today by Mo...SIM Partners
Create your roadmap to navigate the ever-changing landscape of Mobile Commerce. Unlock opportunity by demystifying GeoLocation & GeoFencing, gain insight into what behaviors are really happening “on the go”, and get ready for the changes ahead.
This document discusses opportunities in the mobile advertising industry in Southeast Asia. It notes that the mobile internet user population is growing rapidly across Southeast Asian countries. Smartphone adoption is also increasing, though feature phones still dominate the market. The mobile advertising market is expected to grow significantly in coming years, reaching $1.3 billion in Indonesia alone by 2013. To capitalize on opportunities, the document recommends expanding mobile advertising campaigns into new verticals such as news, sports, technology and entertainment. It also stresses the importance of using mobile data to precisely target and optimize ad campaigns.
Helping Midmarket Businesses Build a Successful Mobile Solutions StrategySMB Group
This document discusses helping midmarket businesses build successful mobile strategies. It covers mobile trends for employees, customers, partners and suppliers. Top drivers for mobile solutions include improving productivity and collaboration, while security and costs are top inhibitors. The adoption of mobile business apps is expected to double in the next 12 months. Partners can help businesses address security challenges and develop mobile strategies.
The future of shopping with your mobile phoneresimpa
This is a presentation from a research programme looking at the future role of mobile phones in retail prepared for the Direct Marketing Association and Empirix
The document discusses building mobile engagement strategies. It notes that over 5.9 billion people have mobile subscriptions and 44% have smartphones. Mobile traffic to websites is increasing, especially during major events, but mobile users currently underperform on key metrics like bounce rate and conversions. The document recommends optimizing sites for speed and usability on mobile, using responsive design, prioritizing mobile-friendly emails and forms, and considering SMS but using it sparingly for committed supporters. It emphasizes focusing first on making core site functions work well on any device to drive action.
This document discusses the importance of creating engaging web experiences and optimizing web presence. It notes that social networking is the most popular online activity and that engaging organizations have higher earnings growth. It also mentions that exceptional customer experiences on websites can increase profits and reduce customer defection. The document provides examples of how seconds matter in online interactions and recognizes several award-winning customer-facing websites.
Innovating and enabling digital futures 12-07-2011Jude Umeh
Jude Umeh gave a presentation on mobile infrastructure and its role in enabling digital futures. Emerging trends in areas like social networking, context-aware computing, and digital content usage will significantly increase the importance of mobile technology. Infrastructure providers must ensure capabilities are in place to support current and future digital services. Umeh discussed key demand drivers and scenarios, examined perspectives from different stakeholders, and outlined addressing issues and enabling further development of mobile infrastructure.
MobiU2012 Summit: Showrooming Study by DeloitteKimberly-Clark
The document discusses Deloitte's Mobile Influence Survey and its key findings. The survey found that 28% of consumers use mobile devices to aid in-store shopping and estimated the "Mobile Influence Factor" by retail category. It determined that mobile currently influences around 5% of total US retail sales ($158 billion) and this could grow to 17-20% of sales by 2016. The document concludes that mobile is transforming the physical store experience and retailers who provide tailored mobile apps will have an advantage in influencing consumer purchases.
Yahoo! and Nielsen conducted a study to better understand mobile internet users and how they consume information across various categories on their mobile devices compared to desktop computers. They surveyed over 8,000 respondents and analyzed their behaviors and attitudes related to accessing 12 product categories on mobile versus PC. Key findings included that mobile is still seen as a secondary platform for shopping, many advanced shopping activities have high failure rates on mobile but high interest in the future, and advertising engagement is high but formats need improvement. The study provides insights into opportunities to transform mobile into a full shopping platform and better serve niche category users.
The document discusses 5 major digital trends for 2013:
1. The convergence of the CMO and CTO roles as marketing increasingly relies on technology and data.
2. The rise of mobility as smartphones, tablets, and mobile devices surpass traditional platforms and consumers expect information on the go across various screens.
3. The emphasis on self-quantification, sensors, and data as consumers track information about themselves and businesses look to leverage this data.
4. The fragmentation of social media into niche communities and internal social platforms changing how organizations work.
5. The importance of location-based targeting and integration as location becomes a new context for understanding customers and delivering personalized, local experiences.
Digiday Mobile with Nielsen: Measuring the Effectiveness of Advertising withi...Digiday
Mobile apps have overtaken browsing on the desktop Web, and consumers are spending nearly two times more time in mobile apps than on the Web. It’s now critical for marketers to have relevant metrics on the branding impact of their mobile in-app marketing campaigns. Learn about Nielsen’s solutions for quick and cost-effective mobile brand advertising effectiveness measurement and optimization to help advertisers maximize their mobile ROI and understand how to best take advantage of this growing medium.
Presenter: Jeff Smith, svp, solution marketing and account activation, Nielsen
Global Trends 10 Key Trends to Watch for 2013Tracey Keys
The presentation to accompany our GT Briefing December 2012: 10 Key Trends to Watch for 2013. How will social everything, digital everything and the geopolitical fight for the future impact your organization? Are you ready?
El estudio "AdReaction 2012: Marketing in the Mobile World" llevado a cabo por Millward Brown y Dynamic Logic en noviembre de 2012 destaca la influencia de los anuncios de televisión en usuarios de dispositivos móviles a la hora de realizar búsquedas, descargar aplicaciones y visitar webs de empresas.
Totango: 3 Steps To Accelerate Revenues From Existing CustomersTotango
You can't manage what you can't measure.
Utilize real-time customer analytics to personalize communications to your existing customers by helping them gain the most value from your offerings.
Did you know that about 80-90% of your company's revenues come from existing customers?
The Customer Engagement Roadmap - The Key to Increasing the Value of Your Membership Base
Want to increase your subscription site’s profitability? The Customer Engagement Roadmap will show you how!
This document contains a list of 14 single words, each beginning with a different letter, ranging from A to T. The words include various materials, colors, audio equipment and other nouns. Overall, the document presents an alphabetical listing of short single words from different semantic categories.
This document provides an overview of software quality assurance. It discusses key quality concepts, quality control, the cost of quality, and software quality assurance. It also describes formal technical reviews, statistical quality assurance, software reliability, and the components of a software quality assurance plan. The goal of software quality assurance is to achieve a high-quality software product through standards, reviews, testing, and other quality control measures.
The document describes JEEVA, a mobile application for recognizing, collecting, sharing, surveying, and exploring flora and fauna. The app allows users to take photos of plants and animals and upload them to the system for identification. If the photo is of a new species, the user can start a new section for it. Otherwise, the user can update existing details. The app is intended for academic, conservation, exploration, and nature lovers to study nature. It has features like image recognition of species, location-based species reporting, automatic species notifications, guides and checklists, article writing and sharing, and discussions. Potential users include students, researchers, tourists, Ayurvedic practitioners, conservation organizations, nature lovers
This document provides tutorials for learning Apex programming using the Force.com platform. The tutorials cover topics such as creating custom objects, using the Developer Console, creating sample data, defining classes, Apex language fundamentals like data types and variables, executing transactions, adding triggers, writing unit tests, and integrating Apex with Visualforce. The goal is to provide hands-on exercises to help developers learn the Apex language and how to develop applications using the Force.com platform. Completing the tutorials will equip developers with essential Apex programming skills.
Breaking Up is Hard to Do: Small Businesses’ Love Affair with ChecksVivastream
This document discusses small businesses' reliance on checks and the challenges they face in adopting electronic payments. It notes that small businesses write billions of checks per year at high costs. While checks meet their needs of being easy to use and widely accepted, electronic payments could offer benefits like cost savings and fraud protection. However, small businesses are often too busy with core operations to prioritize alternatives. The document also outlines hurdles small businesses face in using ACH or credit cards, such as navigating bank requirements and understanding fees. It suggests that businesses more open to electronic payments tend to have standardized payment processes or receive remittance data with payments.
Banks see Smart Commerce as a growing threat that could distance them from customers. Smart Commerce is defined as involving digital payment methods that simplify purchases and enriched communication between merchants and consumers using mobile technology. It is driven by demand from both consumers and merchants, and by large profit pools outside of just payments, particularly merchant sales promotions. Many banks believe Smart Commerce will become widespread within two years and pose the main risk of intermediating banks and reducing their relevance in consumer commerce.
This document summarizes key findings from a global consumer banking survey conducted by EY. Some of the main points include:
1. Customer advocacy and trust in their primary banking provider is high, driven largely by positive customer experiences. However, banks still have opportunities to improve certain aspects of the customer experience.
2. Convenience through digital banking channels is important to customers, but mobile banking features still lag online banking. Simplifying fees and communications remains a top priority.
3. Customers are generally satisfied with their primary bank but open to switching for better service or advice. Segmenting customers reveals opportunities for banks to better meet different needs.
4. Banks should focus on making banking simple and clear
This document summarizes the key findings from EY's 2014 Global Consumer Banking Survey. Some of the main points include:
1. Customer trust and advocacy are important drivers of growth for banks. Customers with complete trust in their primary bank are much more likely to recommend them.
2. Customer experience is a key factor influencing trust and advocacy. Customers cited how they are treated and quality of communications as important reasons for trust. Experience also influenced account openings and closings.
3. Banks can improve the customer experience by making banking simple and clear, providing helpful advice, and resolving problems well. Specifically, banks should improve fee transparency, mobile and online banking, and customer service.
Sereno is a fraud detection solution that uses image analysis and multi-source correlation modeling to identify check fraud. It integrates with existing image processing systems and analyzes check images using multiple recognition engines to flag potential fraud. Sereno reduces false positives and focuses analysts on a small number of suspect transactions. It builds databases of check stock and signatures over time to improve accuracy. Sereno provides cost savings through reduced manual review and losses from fraud while allowing banks to expand their fraud detection capabilities.
Orbograph's new Accura XV solution leverages Next Generation Recognition (NGR) Technology to provide virtually 100% check processing performance at the teller. The solution achieves read rates as high as 95% and can attain 100% read rates on small transactions using V100 mode. It provides tangible benefits like reducing data entry costs and recognition errors as well as intangible benefits like highly reliable technology and streamlined processes. Accura XV is the foundation for all of Orbograph's centralized and distributed recognition solutions and services.
Growth in remote deposit capture is driving additional requirements in check recognition. Orbograph provides a scalable check recognition solution for RDC that uses multiple recognition engines to achieve read rates from 90-98%. The solution can identify alterations, validate fields, and ensure image quality to reduce fraud while streamlining the deposit process. Orbograph offers flexible licensing and deployment options to meet the needs of various sized financial institutions supporting desktop, consumer, and mobile RDC.
The document introduces Orbograph's Healthcare Payments Automation Center (HPAC), a cloud-based platform that hosts two services: P2Post for converting paper explanation of benefit forms into electronic files for practice management systems, and E2Post for matching electronic funds transfer payments to remittance advices. By leveraging image processing and recognition technologies, HPAC can convert claims at high volumes while reducing costs up to 60% by eliminating manual data entry and exceptions. The platform provides adaptive onboarding of forms, HIPAA compliance, and guaranteed performance.
The document discusses next generation check recognition technologies that can improve teller image capture (TIC) and remote deposit capture (RDC) workflows. It outlines several business problems with early generation technologies like low read rates, balancing issues, and fraud risks. Next generation technologies aim to solve these by using multi-engine correlation, dynamic thresholding, item verification, and check box detection to achieve near 100% recognition performance and reduce errors. The benefits include cost savings, improved efficiency, customer experience, and reduced fraud.
Orbograph introduces Automation Services and Automation Services LE, innovative recognition solutions that provide up to 40% labor cost savings through high levels of automation and accuracy. Automation Services achieves 98% automation and 99%+ accuracy, while Automation Services LE attains 90% automation with 99% accuracy. Both solutions support various check processing workflows and can be implemented on Orbograph's legacy OrboCAR platform or new G6 Enterprise Recognition Technology platform. Orbograph also offers managed recognition services to continuously monitor performance and ensure solutions meet guaranteed service levels.
Orbograph is a provider of electronic solutions for healthcare revenue cycle management and check processing recognition software. It has over 1,500 financial institution and biller clients that process billions of documents annually using Orbograph's technologies. Orbograph converts paper-based documents like EOBs into electronic files to automate payment data reconciliation and provide reporting tools. It is a subsidiary of Orbotech and was founded in 1996, employing over 50 people who serve the banking, financial, and healthcare industries.
1. The Top Issues in Mobile Payments Fraud
JIM PITTS, BITS
CATHY DAVIS, COMERICA BANK
AL PASCUAL, JAVELIN STRATEGY & RESEARCH
CECILIA HOYT, WELLS FARGO & COMPANY
MARCH 11, 2013
2. Agenda
• Mobile Payments Overview
• BITS Threat Assessment
- The Process
- Threats & Vulnerabilities
- Controls and Ratings
- Analysis, Mitigations & Recommendations
• Fraud Risk and Mitigation Strategies:
- Defining Risks
- Analyzing Attacks
- Challenges
- Countermeasures
• Regulatory Outlook
• Future of Mobile Banking and Mobile Payments
10. BITS Mobile Threat Assessment Working Group
• Threat assessment approach and methodology are consistent with NIST guidelines [1]
• Risk is the net negative impact of the exercise of a vulnerability, considering both the probability and impact of the occurrence.
• The Mobile Threat Assessment is used to review the extent of potential threats and the associated risk created by the existence of the threats.
[1] Threat assessment methodology is based on NIST SP 800-30 “Risk Management Guide for Information Technology Systems” (refer to pages 8 – 26)
11. BITS Mobile Threat Assessment Approach
Core steps in the assessment process:
Step 1: Threat Categorization
• Identify applicable threat categories for Mobile threats
• Document categories and threat segments
Step 2: Threat Identification
• Identify the threat sources which are the methods targeted at the intentional exploitation of a vulnerability
• Identify the threats which are the potential for a threat-source to intentionally exploit a specific vulnerability
• Create threat scenarios (as needed) as visual representations of potential threats
Step 3: Vulnerabilities Assessment
• Develop a list of potential vulnerabilities that could be exploited by potential threat-sources
• Vulnerabilities are potential flaws or weaknesses in procedures, design, proposed implementation or internal controls that could be exploited
Step 4: Controls Inventory & Analysis
• Analyze internal preventative and detective controls that have been implemented, or are planned for implementation, to minimize or eliminate the likelihood or probability of noted threats exploiting identified vulnerabilities
• Identify potential control gaps or weaknesses
Step 5: Control Ratings
• Determine the impact of and the likelihood that potential vulnerabilities will be exploited in the threat environment
• Prioritize and weigh risks
• Identify areas for immediate improvement and long term mitigation
Step 6: Recommendations & Mitigation Planning
• Document existing controls that can limit exposure to identified threat scenarios and risks
• Document weaknesses and control gaps
• Discuss threat assessment results with the leadership and stakeholders to determine if short and long term risk mitigation strategies and plans need to be put in place
• Document threat assessment reviews and approvals
• Repeat process annually or more frequently based on the risk assessment requirements and applicable regulatory guidance
Identify risks, assess controls, determine if gaps exist, then define plans for any remediation required
12. BITS Mobile Threat Categorization (step 1)

| # | Category Name | Threat Description |
|---|---|---|
| 1 | Malware Targeting Mobile Platforms | Malicious software such as viruses, Trojan horses, spyware, and malicious active content. Viruses are a threat to the peripheral device exposure or utilizing infected device to attack other devices. Spyware can be used to eavesdrop, impersonate, or remotely control a compromised device or user. |
| 2 | Mobile Spoofing | A malicious person or program could misrepresent as another in order to acquire sensitive personal information. |
| 3 | Weak Fraud Controls | Lack of adequate monitoring, detection, or prevention technology could lead to fraud losses. |
| 4 | Infected Applications | Application downloads containing malicious software |
| 5 | Web Browser Attacks | Exploitation of malicious web applications to steal credentials, perform fraudulent transactions, or compromise information. |
| 6 | Marketplace Certification | Misrepresentation of branding or stealing legitimate branding |
| 7 | SMS Redirection, SMS Hijack or SMS Exploit Forwarding | An SMS message can be used to redirect a mobile web browser to a malicious website; call forwarding can be used to fraudulently bypass authentication; fraudsters can subscribe a mobile number to a premium text number service to send messages to and from the numbers. |
| 8 | Vendor Breach | Compromise of a vendor’s infrastructure could result in the loss of confidential information (now includes Carriers). |
| 9 | Transport/Protocol Gap | Weakness in network or transport layer could allow eavesdropping or takeover |
| 10 | User Device Control | Mobile device could be lost, stolen or inappropriately borrowed or misused |
| 11 | Platform Specific Attacks | Utilization of known platform specific weaknesses to perpetrate malicious activities |
| 12 | Device Specific Attacks | Utilization of known device specific weaknesses to perpetrate malicious activities (add to break out SIM Card vulnerabilities) |
| 13 | Rogue Applications | Fake applications placed in application stores for download that are usually trojanized copies of legitimate applications. The applications are used to harvest credentials and steal data. |
13. BITS Mobile Vulnerability Assessment (steps 2, 3)
Assessment results included input from multiple financial institutions of varying size and maturity in their mobile offerings.
#: 2
Mobile Threat: Mobile Spoofing
Likelihood: Medium
Trend: Increasing
Impact: Low
Vulnerability Description & Examples:
Description: A malicious person or program could misrepresent as another in order to acquire sensitive personal information.
Examples include:
• SMS Spoofing/Smishing: A phishing attempt sent via SMS (Short Message Service) or text message to a mobile phone or device. This tactic is also referred to as smishing, which is a combination of SMS and phishing. The purpose of text message phishing is the same as traditional email phishing: convince recipients to share their sensitive or personal information.
• Vishing: Also known as voice phishing, this tactic is a phishing attempt made through a telephone call, fax or voice message. In one scenario, messages that claimed to be from a bank told users to dial a phone number regarding problems with their bank accounts. Once the phone number (owned by the phisher and provided by a Voice over IP service) was dialed, prompts told users to enter their account numbers and PIN. Vishing sometimes uses fake caller-ID data to give the appearance that calls come from a trusted organization.
Detailed Rationale:
Impact rating was predominantly low with a split of several responders into a medium rating. Spoofing targets are a small group, targeted phishing is migrating to mobile.
At this point, good controls are in place by the carriers to prevent spoofing for accountability purposes.
Most assessment respondents said they are not seeing or hearing about this in their environment. Have not yet heard this is widespread, so cannot assess impact or likelihood as high, although suspect just as in Automatic Number Identification spoofing or phishing it will increase as the fraud catches on.
14. BITS Controls Inventory and Ratings (steps 4, 5)
Partial list of controls that were reviewed during the assessment and controls ratings applied during the review process.

| Control Name | Effectiveness Rating (1-5) | Importance Rating (1-5) | Overall Rating (Low, Medium, High) |
|---|---|---|---|
| Detective Controls | | | |
| Mobile Fraud Detection (Alerts, Out Sorts, Day 2 Reports) | 3.3 | 3.7 | Medium (7.0) |
| Device-Specific Patching Processes | 3.2 | 3.3 | Medium (6.5) |
| Application Stores/Marketplace Monitoring | 3.5 | 3.3 | Medium (6.8) |
| Application Take-Down Processes (Rogue Apps) | 3.4 | 3.3 | Medium (6.7) |
| Remote Device Wipe/Remote Device Lock | 3.9 | 3.5 | Medium (7.4) |
| Vendor Review Processes | 3.3 | 3.2 | Medium (6.5) |
| Vendor Contracts, Vendor Review Processes, Shared Liability | 3.0 | 3.3 | Medium (6.3) |
| Consumer Education | 2.9 | 3.4 | Medium (6.3) |
| Identity/Brand Management Controls & Processes | 3.3 | 3.5 | Medium (6.8) |
15. BITS Aggregated Controls Ratings (steps 4, 5)
To provide a view of Mobile layered security, the controls were aggregated and rated as a group. This proved to be an effective communication tool for debriefs with leadership teams looking for a holistic perspective on mobile risk mitigation.
Identified Mobile Threat & Vulnerability: Malware Targeting Mobile Platforms
Aggregate Effectiveness Rating (1-5): 4.16
Aggregate Importance Rating (1-5): 3.33
Overall Rating (Low, Medium, High): Medium (7.49)
Aggregate Mitigating Controls:
• Multi-factor authentication (mobile & online banking)
• App store development validation
• Applications sandboxing
• User authentication and login
• Store sensitive information off device
• Mobile malware detection
• Out of band verification controls
• Device settings controls
• Consumer education
Identified Mobile Threat & Vulnerability: Mobile Spoofing
Aggregate Effectiveness Rating (1-5): 4.33
Aggregate Importance Rating (1-5): 4.60
Overall Rating (Low, Medium, High): High (8.93)
Aggregate Mitigating Controls:
• Multi-factor authentication (mobile & online banking)
• Secure transport protocols
• Mobile fraud detection
• Device/IP verification
• Authentication history of clients’ transactions
• Consumer education
• A symbol or way for a person to know when they are at a “safe” place to provide information from their devices
16. BITS Recommendations & Mitigation Planning
Identified Mobile Threat Control Gaps / Potential Long Term Risk
#
/ Vulnerability Description Weaknesses Description Short Term Risk Mitigation Mitigation
2 Mobile Spoofing A malicious person or Mobile Tech Maturity Multifactor authentication Secure transport protocols
program could Issues (Mobile & Online) banking Mobile fraud detection
misrepresent as another Monitoring Capability Device/IP verification Consumer education
in order to acquire Shortfalls Anomaly detection
sensitive personal Developmental
information Oversight
3rd Party Security
Competitive Integrity
Issues
Device Accessibility
Restrictive Policy
Authentication
Compromise
Geo-location Spoofing
3 Inadequate Fraud Lack of adequate Mobile Tech Maturity Multifactor authentication Secure transport protocols
Controls monitoring, detection, or Issues (Mobile & Online) banking Mobile fraud detection
prevention technology Monitoring Capability Device/IP verification Consumer education
could enable or allow Shortfalls Transaction Limits
undetected or Developmental
unauthorized access, Oversight
unauthorized transactions, 3rd Party Security
and/or fraud losses Competitive Integrity
Issues
Restrictive Policy
17. BITS Fraud Scenario Development
Mobile Security Threat Categories
• Malware Targeting Mobile Platforms
• Mobile Spoofing
• Inadequate Mobile Fraud Controls
• Infected Applications
• Web Browser Attacks
• SMS Redirection – Hijack or Exploit Forwarding
• Transport or Protocol Gaps
• User Device Management
• Platform Specific Attacks
• Device Specific Attacks
• Rogue Applications
Fraud Scenarios
• Malware Attack
• Phishing/Smishing/Vishing
• Account Take Over/ID Theft
• Impersonation/Hijacking
• System Breach
• Marketplace Misrepresentation
• Browser Attacks
• Vendor Breach
18. BITS Fraud Risk Scenario – Malware Attack
Threat Type: Malware targeting mobile platforms
Applies to: Money Movement: DDA, OLB DDA, Mobile
Scenario: Use of malicious software or applications (MITM, ZITMO, Trojans, spyware) to hijack, impersonate, steal credentials, or other to support fraudulent crime.
Exposure: Theft of private information or credentials to gain access to account assets
Likelihood: Medium Impact: Medium
Criminal Activity
1. Customer Mobile Device Infected
• SMS Message sent to Fraudster
• Customer clicks on a link which then infects their mobile device with a virus
2. Compromised Credentials
• Customer logs into Online Banking (OLB) using infected mobile device
• Customer prompted to provide Mobile Number in addition to Username and Password
• Fraudster key logs information
3. Account Takeover
• Customer prompted to download fraudulent applications
• Fraudster gains unauthorized access
• Fraudster now has control of OLB and Mobile device; can re-direct SMS Text
4. Funds transfer
• Fraudster issues money movement on behalf of the customer
5. Funds removal
Fraud Concerns
• Virus, Trojan, spyware, active content
• Peripheral device exposure
• Remotely control device or user
• Eavesdropping
• Impersonation
Fraud Controls
• Device settings controls
• App store development validation
• Consumer education
• Application sandboxing
• Mobile malware detection
• Store sensitive information off device
• User authentication and login
• Out of band verification controls
• Multi factor authentication
Control gaps
• Competitive Integrity issues
• Application distribution practices
• 3rd party security
• Anti virus sandboxing
• Developmental oversight
• Infected devices
• Mobile anti virus issues
• Application labeling
• Authentication compromise
• Criminal proficiency
• Device accessibility
19. BITS Sample Fraud Scenario: Account Takeover (Mobile Transfer)
Threat Type: Criminal compromises victim’s online account and conducts multiple inter-customer transfers from victim’s DDA/SAV accounts into his newly established SAV/DDA accounts, and withdraws the funds via ATM withdrawals and debit card purchases.
Applies to: Money Movement: Mobile DDA DDA transfers
Exposure: Account takeover via compromised credentials, money movement
Likelihood: Low Impact: Low Loss Amount: Confidential
Criminal Activity
1. Open New Account
• 08/04/10 - Existing DDA and Savings accounts. Customer does not have any online accts.
• Customer impacted by malware
2. Account Maintenance Activities
• 08/05/10 Online access suspended due to security question failure
• 08/05/10 Password change
• 08/06/10 Phone number maintenance; Security Questions and online statement activated on victim’s profile
• 08/06/10 Victim’s accounts enrolled for Mobile Banking
• 08/06/10 Criminal adds his account as an inter customer transfer payee
3. Funds Transfer
• Between 08/13/10 to 08/30/10 criminal conducts 32 mobile inter customer transfer unauthorized transactions and transfers $20,594 from the victim’s account into criminal’s own savings account
• Criminal then moves funds from his savings account into his newly opened DDA
4. Funds removal
• 08/06/10 – Criminal drains the new DDA account via ATM withdrawals and debit card purchases
5. Notification
• 09/04/10 - Victim visits a branch and reports unauthorized transactions
Fraud Concerns: Confidential
Fraud Controls: Confidential
Control gaps: Confidential
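The account-maintenance burst followed by transfers to a newly added payee is the kind of sequence the "Anomaly detection" and "Transaction Limits" mitigations listed earlier can key on. The sketch below is an added example, not part of the BITS material; the event names, thresholds and sample timeline are assumptions constructed to mirror the scenario.

```python
from datetime import datetime, timedelta

# Profile changes that commonly precede an account takeover (assumed event names).
RISKY = {"security_question_failure", "password_change",
         "phone_number_change", "mobile_enrollment"}

# Constructed timeline modelled on the scenario above (not real bank data).
EVENTS = [
    ("2010-08-05", "security_question_failure", None),
    ("2010-08-05", "password_change", None),
    ("2010-08-06", "phone_number_change", None),
    ("2010-08-06", "mobile_enrollment", None),
    ("2010-08-06", "payee_added", "payee-A"),
    ("2010-08-13", "transfer", "payee-A"),
    ("2010-08-14", "transfer", "payee-A"),
    ("2010-08-20", "transfer", "payee-old"),   # long-standing payee, never tainted
    ("2010-08-30", "transfer", "payee-A"),
]

def flag_transfers(events, burst_days=2, min_risky=3, payee_watch_days=30):
    """Return (date, payee) for transfers to payees added right after a
    burst of risky profile changes, while the payee is still 'new'."""
    evs = sorted(((datetime.strptime(d, "%Y-%m-%d"), kind, payee)
                  for d, kind, payee in events), key=lambda e: e[0])
    risky_times = [t for t, kind, _ in evs if kind in RISKY]
    burst = timedelta(days=burst_days)
    watch = timedelta(days=payee_watch_days)
    tainted = {}   # payee -> time it was added after a risky burst
    flagged = []
    for t, kind, payee in evs:
        if kind == "payee_added":
            recent = [r for r in risky_times if timedelta(0) <= t - r <= burst]
            if len(recent) >= min_risky:
                tainted[payee] = t
        elif kind == "transfer" and payee in tainted:
            if t - tainted[payee] <= watch:
                flagged.append((t.date().isoformat(), payee))
    return flagged

if __name__ == "__main__":
    for date, payee in flag_transfers(EVENTS):
        print(f"HOLD for out-of-band verification: {date} transfer to {payee}")
```

Flagged transfers are candidates for a hold, a lower transaction limit, or out-of-band verification to the contact details on file before the maintenance burst.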
20. BITS Advisory: Mobile Banking and Payment Application Vulnerabilities
Existing Security Vulnerabilities
• Imposter Applications
• Account Aggregation Applications
• Rogue Applications
Recommended Mitigation Strategies
• Search regularly (i.e. daily or weekly) for applications utilizing your financial institution’s brand.
• Market the availability of the official financial institution mobile application(s).
• Provide consumers with tips on securely providing financial information via mobile applications.
• If an application violates copyright or contains malware, file a complaint through the store’s support site.
21. Regulation Today, and Tomorrow
Existing Regulations
• FFIEC Existing Applicable Guidance
• FTC Consumer Privacy and Protections
• Impact of New Regulations
- Truth in Lending/Reg Z
- EFT Act/Reg E
- Patriot Act, Bank Secrecy Act, AML Reqs
- Gramm-Leach-Bliley
- UCC Article 4A and NACHA Rules
- State money Transmitter and Services Laws
- Dodd-Frank
• Future Oversight
- CFPB
- ANSI
- ISO
22. Mobile Standards & Guidelines
• PCI Mobile Payment Acceptance Security Guidelines:
- Prevent account data from being intercepted when entered into a mobile device
- Prevent account data from compromise while processed or stored within the mobile device
- Prevent account data from interception upon transmission out of the mobile device
• NIST 800-124, NIST 800-164
• NTIA Mobile Transparency Code of Conduct for Mobile Applications
• Geo-location Privacy and Surveillance Act
23. BITS Layered Security for Mobile
[Diagram: six layers arranged around a core labelled PROCESS, COMPLIANCE, POLICY and SECURE INFRASTRUCTURE]
1. Trusted Communications (Cellular Service Providers)
• Protocol/Security Standards
• Network Security Assessment
• Mobile Malware Detection
• Device Identification
• Consumer Education
2. Regulation and Compliance (Regulatory Entities)
• Emerging Financial Services Oversight
• Threat Information Sharing
• Security Standards
• Consumer Education
3. Mobile Financial Services (Consumers)
• Fraud Detection
• Secure Transport Protocols
• Multi-factor Authentication
• Device Identification
• Secure Transport Protocol
• Transaction Limits
• Network Security Controls
• Server Side Security Controls
• Out of Band Verification
• Code Analysis and Reviews
• Consumer Education
• Anomaly Detection
4. Secure Software Development (Application Developers)
• Multi-Factor Authentication
• Out of Band Verification
• Transaction Limits
• Code Analysis and Reviews
• Secure Code Checklists
5. Secure Hardware Development (Device Manufacturers)
• Application Sandboxing
• Protocol/Security Standards
• Remote Device Wipe/Lock
• Secure Transport Protocols
• Code Analysis and Reviews
6. BYOD or Enterprise Mobile Devices (Financial Institution Enterprise Workforce)
• Remote Wipe/Device Lock
• Data Segregation and Encrypt
• Secure Transport Protocol
• Multi-factor Authentication
• Asset Management and Patching
• Application Sandboxing
• Device/OS Integrity Monitoring
• Network Security Controls
• Secure Browsing
• Enterprise Compliance Monitoring
• Device Hardening
• Workforce Security Awareness