One thing that is great about doing a cash payment transaction is that very little uncertainty exists in making the payment: you either have the money in your pocket or you don't. When asked about mobile banking, most people are uncomfortable about fraudsters getting access to their personal information and then doing transactions on their behalf. The ease with which information can be stolen is an important topic in the world of mobile banking and I was made aware of this in a recent article from Software Advice written by Michael Koploy that I read.Unfortunately, in the case of mobile security, simple is better. It is the much more complex phones with their multi-feature operating systems that scares me. It is now possible to develop all kinds of interesting applications that could potentially sit and listen or present in another format. Clever developers can build applications living in these operating systems (Android, Apple etc.), that could potentially steal sensitive financial information and send it off to another recipient. Michael argues that application developers and operating system producers should be the gate-keepers to the security of mobile phones. This is unfortunately a pipe-dream. Somewhere one will find a rogue developer that will flex his/her skills to get (in)famous by stealing sensitive information.
I believe that the solution can be found through a combination of some of the following:
- Education to ensure that rogue applications do not get installed easily. Consumers must be taught that one should not install any old applications on a mobile phone.
- Building mobile banking applications with simple security designs that are easily understood. For instance building security on simple PIN entry mechanisms that most people understand and can relate to.
- I believe that hardware and firmware manufacturers should become part of the solution. Security designs should ideally utilise primitives available in the phone or the SIM card and this should be visible to the consumer.
