MILFORD, Conn.-As mobile devices gradually eclipse desktops when it comes to members connecting with their financial data, experts agree that new and different kinds of security threats will arise. But they disagree on where those threats originate.
Andrew Jaquith, chief technology officer for Perimeter E-Security, notes that while PCs have a high likelihood of compromise due to malware and viruses, human error may be the biggest threat to a mobile device.
During a recent webinar on the issue of security, Jaquith and others suggested that loss and theft contribute as significant a security risk as any to mobile banking. But, he said, the development of remote wipe technology-which uses e-mail to issue a "kill command" erasing all sensitive content-will help mitigate risk when a device is lost.
Outside threats are still worthy of concern with mobile devices, continued Jaquith, but smartphones and tablets have their own built-in safety enhancements, and anyone attempting to hack into them would need to get around multiple levels of encryption, including password protections. Relatively simple tools-such as six-character alphanumeric passwords (or eight-digit numeric passwords)-are more secure than shorter, simpler PINs, and automatic lockout features can be enabled if an inaccurate code is entered too many times. Six- or eight-character passcodes, said Jaquith, gives would-be hackers approximately a one-in-1,000 chance of gaining entry into the device.
Remote Wipe Is Just the Beginning
Similarly, Khoi Nguyen, group product manager for mobile management and security products at Symantec, noted that technology such as remote wipe is "just the beginning," and that security for mobile devices is changing as quickly as the devices themselves. Nguyen posited the possibility that financial institutions could issue tablets to front office staff, allowing employees to move more freely about the branch, allowing staff to provide help without teller lines.
Many interviewed for these stories noted that one of the best ways to spur member adoption of mobile banking technology is for CU staff to use it and push members to do the same. But Perimeter's Jaquith suggested that that there must be a trade-off between employee access to such devices - both for personal and professional use.
"The deal is that employees can connect their own devices to the security network if the device they bring in supports your data encryption and employees accept that you have a responsibility to protect your data on those devices," he said.
As mobile banking gradually evolves into an entire mobile wallet, Symantec's Nguyen noted that security enhancements at both the application and device level will help keep consumers safe, yet he also cautioned that "there are always gaps between design and implementation. An app may be designed to be very secure, but there are always flaws in the implementation that require updates to the app and the operating system, so we also recommend to customers and users that they're always up to date on these patches."
