Mobile Banking Risks And Mitigation Measures Pdf

Published: 22.04.2021


Trust and security risks in mobile banking


Messaggi Kaya. Nowadays, the mobile phone platform creates great opportunities for businesses, especially due to its capabilities and population coverage: the number of mobile subscriptions approaches global population figures.

One of the benefits of using mobile banking is the possibility for users to carry out bank transactions, such as online payments or transfers, at any time and anywhere. One factor has been recognised as a strong reason for users not to adopt mobile banking: their concerns about security.

This dissertation focuses on the relationship between the trust users have in mobile banking and the security risks that the use of mobile devices potentially poses. Acknowledgements To my husband, who patiently waited and supported my crazy hours of work and study. To my beautiful daughter Ayla, having a bit less of mommy during weekends so I could complete this work. To my parents, for their support and motivation through all stages of my education.

To Ivan Flechais for his patience, motivation and follow-up helping me to complete this dissertation. With the implementation of operating systems in mobile devices, a range of possibilities for research and development were created, including the introduction of new hardware capabilities: bigger screen size, keyboard input, full web browser on mobile, motion sensors and location-based functionality to mention a few.

Mobile devices are also commonly used to check e-mails, browse the latest news, search for nearby points of interest, shop online, access social media to connect with family and friends, and run a diversity of applications.

SMS (Short Message Service), or simply text messaging, is one of the most used mobile applications, allowing communication between device users and between customers and institutions, which provide alerts, news, verification codes as a way to recover passwords and authenticate users, and other services. The launch of app stores triggered an ongoing process of application development and deployment.

The mobile phone platform creates great opportunities for businesses, especially due to its capabilities and population coverage: the number of mobile subscriptions approaches global population figures [18]. Many banks offer one or more of these options [37]. In previous years, most banking transactions were done only by interacting with the bank staff at its branch, followed by the use of additional services provided by ATMs (Automated Teller Machines), or simply cash points.

With the introduction of online banking, the convenience of performing banking transactions outside branch opening hours gained many adopters. Online customers started to trust the new medium when banks presented security measures to access their bank account, including PIN (personal identification number), security questions and PINsentry machines. The use of online banking to access account information, through a browser on a PC, is somehow a common experience for a considerably large audience in many countries, and customers are fairly comfortable with its use [9].

The similarity of smartphone and computer operating systems allowed many security exploits to be adapted and deployed on mobile devices, such as malware, phishing schemes, Trojan horses, man-in-the-middle attacks, rootkits, denial of service and others. In general, computer users are more aware that they need antivirus software, should password-protect their computers and profiles, perform backups, and not install software or open files that come from sources that are unknown or that they do not trust.

However, some studies found a difference in behaviour regarding security understanding when using computers and when using mobile devices.

Although mobile devices are normally with their users throughout the day, the lack of knowledge or even care regarding possible security risks comes as a surprise. In addition, banking institutions that offer mobile applications are not transparent enough regarding the type of security they offer to their customers. The lack of understanding about potential security risks and the protection that is offered is one of the major factors making users unsure about mobile banking use.

A questionnaire was created as an attempt to understand the difference in behaviour and to gather a sense of trust in mobile banking. A possible reason for that could be its ease of use, or maybe their trust in the mobile bank app, which is a direct link to the bank instead of using a browser (a third party) in between the customer and the bank. The sample data shows the sense of trust in online banking is much higher than that in the banking application.

This dissertation focuses on the relationship between the trust users have or lack in mobile banking and the security risks the use of mobile devices potentially poses. In order to achieve the purpose of this research, the document is divided into the following chapters: Chapter 2 provides a high level background on mobile security. Chapter 3 presents a list of known mobile security risks and security measures, highlighting some elements relevant to mobile banking including bank application use cases.

It also describes human factors in this process and how security measures influence the user's decision to apply or ignore security advice for personal gadgets. Chapter 4 includes a questionnaire and presents expectations and findings. Chapter 5 summarises the most important topics covered by the research, presenting a conclusion of this project.

Mobile banking is being adopted by many users around the world, in some countries more than others. Most renowned banks offer their applications and websites so users are able to perform banking-related transactions with their devices. Online banking is well-known and used by a large audience in many countries and customers are fairly comfortable with its use [9]. Various security threats have been found, patched and tested in this environment, allowing some sense of security while using banks online.

However, the mobile environment is still fresh and, despite some techniques already being applied to make banking transactions secure via mobile, there are still threats and risks involving those transactions that are unknown or ignored by the general public. Although users may apply some rules of security when using their computers, they may forget or ignore that the same risks also apply to their mobile devices.

A simple example is the login screen on a computer, where a password is chosen and used frequently to prevent other people from accessing files and other information. A mobile device also has options for locking the screen, but the same user might choose not to add a password or PIN to their mobile for convenience or for lack of knowledge that such an option exists.

The adoption of mobile applications increases daily, and with their use, the security threats are also increasing. The similarity of smartphone and computer operating systems allowed many security exploits to be adapted and deployed on mobile devices, such as malware, phishing schemes, Trojan horses, man-in-the-middle attacks, rootkits, denial of service and others. For the technically savvy, some threats are known and precautions could have been taken to prevent possible attacks on mobile phones.

Malicious software can be downloaded to the phone when a user accesses a link received via SMS or while visiting a compromised website via the mobile browser. Some applications might also use the SMS system or e-mail communication to propagate malware as attachments, and these systems are frequently used to send pictures, music, and other files.

Spyware, which gathers information about a user without their knowledge, also becomes an issue, since people are paying more attention to messages coming to their mobiles and the device becomes a channel for direct advertising [15] and [40]. Gaining access to the SMS interface could create potential financial losses for the user if the attacker sends messages to premium numbers. A phone without a locking mechanism left unattended can be compromised if an attacker physically holds the phone and installs malware, by visiting a website for example, leaving an open door for future exploits.

The economic view [16] [42] of user behaviour related to security could indicate a point of failure. If better education was given to mobile users, some preventative measures could be taken without excessive burden to them. Exploits on mobile devices could disclose personal information to attackers.

In mobile banking transactions, it is fundamental for users to have the guarantee that the process is carried out by a valid and official bank, not by a fake institution or individual. To this date, despite my computer-related background and current dissertation highlighting some mobile threats, I had never considered installing antivirus software on my own mobile devices.

When I thought about antivirus companies which have mobile security software, two names came to mind: Bullguard and Kaspersky; possibly because of articles read in the past and also banking companies preferring one or another. A quick check on their websites [7] [22] reveals lightweight and affordable solutions and I could identify potential benefits that could deter or mitigate some of the threats and security areas mentioned previously.

Features include: locks your missing phone; locates it and wipes data from it, even if the SIM card is replaced; protects against viruses, spyware, Trojans, worms, bots and more; blocks dangerous and phishing websites; filters unwanted calls and SMS texts; hides private communications including contacts, calls, SMS texts and logs; identifies unauthorised users of your smartphone by secretly taking their mugshot (only for Android); enables easy, web-based control of anti-theft features; and is optimised for low impact on battery life.

Considering the benefits that an antivirus for mobile can provide and the low cost of subscription, this solution could be used to deal with some of the threats mentioned previously.

The following chapter states in more detail some of the known security risks, security measures, and concerns of mobile users, as well as their associated behaviour. Some of the exploits that are used on computers can also be used on mobile phones. It took perhaps longer than predicted for serious attacks to happen; the high diversity of phones and operating systems and the different network topology of mobile networks compared to the internet are pointed to as some of the reasons [29].

However, vulnerabilities were exploited and attacks were made in various forms: SMS databases were stolen, availability attacks were made (where the signal of the mobile or base station was blocked, rendering the service unusable), and there were eavesdropping, privacy attacks and others.

The following are considered [30] major threats on mobile platforms. For example, rootkits may be used to hide malicious user space files and processes, install Trojan horses, and disable firewalls and virus scanners. Rootkits can achieve their malicious goals stealthily because they affect the operating system, which is typically considered the trusted computing base. Rootkits can access a number of interfaces and information that are not normally available on a PC, such as GPS, voice, messages, battery and other hardware features.

They can compromise privacy and security of the mobile users. Because rootkits install themselves as kernel modules loaded each time the operating system is loaded and require root access to infect the operating system, they are harder to detect.

They could compromise privacy and security of the mobile users in novel ways that were not available on desktop. A recent way of delivering rootkits is the obfuscation of web addresses using QR codes. Depending on the application that reads the QR code, the web address may be shown explicitly, waiting for the user to confirm whether or not to visit it; other applications redirect the user immediately to the mobile browser and auto-type the address, which makes it more difficult to stop the download of malware, depending on the speed of the connection.

Rootkit detection depends on the level of sophistication of the rootkit itself, but if there is a footprint some malware detection tools might find an installed rootkit. However, because rootkits affect the integrity of the operating system, it is accepted that detection mechanisms must reside outside the control of the operating system they monitor.

The server on which the page is hosted identifies the client device as running a potentially vulnerable version of the operating system. The attacking website then sends down a specially crafted set of malicious data to the web browser, causing the web browser to run malicious instructions from the attacker.

Once these instructions have control of the web browser, they have access to the user's surfing history, logins, credit card numbers, passwords, etc. Phishing is often an email or SMS that directs the user to a website that looks and feels like the legitimate one but is a fake intended to collect the user's credit card information, passwords and other details; another social engineering technique is to entice the user to install an application on the phone that may contain malware.

The two most common such abuses are the sending of spam emails from compromised devices and the use of compromised devices to launch denial of service attacks on either third-party websites or perhaps on the mobile carrier's voice or data network. This loss can be either unintentional or malicious in nature. Some infographics can be an interesting way of showing data and passing on a message visually. Sometimes they overwhelm the viewer with too much information, or their representation is not relevant enough.

The following infographic created by Bullguard [8] illustrates well some of the mobile threats mentioned previously. Despite being a great advance for the population, the system is not end-to-end secure. To prevent man-in-the-middle attacks, communication encryption can be used [29].

Protecting the data if a mobile phone is lost or stolen is a frequent issue, and one suggestion is to encrypt non-volatile memory and provide a secure store for cryptographic keys. Operating systems may handle phone data and processes in different ways and they may present different security aspects. This enables a user to decide whether or not to use an application based on the identity of its author.


As digital banking continues to rise, consumers expect to onboard and access financial institutions and smoothly manage their finances on any connected device. In parallel, financial institutions face a dramatic increase in the number of cyberattacks, with more sophistication and complexity. Fraudsters and hackers continuously challenge the security measures put in place by financial institutions to protect their customers' sensitive data. We see that, even though financial institutions in the UK do a fairly good job and prevent approx. Thus, risk management strategies and authentication policies need to adapt and be more automated to cope with an increased number of connections, the creativity of fraudsters, and new regulations. We are continuously evaluating, improving, and integrating new technologies into our cloud services to ensure you always have the best possible protection and stay one step ahead of the fraudsters. By adding risk management to your KYC services, you can introduce adaptive onboarding, such as starting the whole process by checking for any signs of potentially fraudulent activity, before launching the actual KYC process.

Retail Payment Systems


Mobile financial services (MFS) are the products and services that a financial institution provides to its customers through mobile devices. A mobile device is a portable computing and communications device with information-storage capability. The mobile channel refers to providing banking and other financial services through mobile devices. Although the risks from traditional delivery channels for financial services continue to apply to MFS, the risk management strategies may differ. As with other technology-related risks, management should identify, measure, mitigate, and monitor the risks involved and be familiar with technologies that enable MFS.

In addition to the assessment objects and the attributes for classifying assessment results, the model also includes the assessment results themselves. In this paper we focus on the IRB framework for regulating bank capital and consider some scenarios of capital reservation practice in the changing economic conditions prevailing in Croatia for the last several years. We describe the issues of the second consultative document of the new accord and describe how to measure the required capital.


Mobile devices — smartphones and tablets — are easy to use and can be taken almost anywhere. But they can also be lost or stolen, infected with malware, and used as a vehicle for fraud.

Risk management cloud services for an optimised digital banking experience
