Avivah Litan

A member of the Gartner Blog Network

VP Distinguished Analyst
12 years at Gartner
30 years IT industry

Avivah Litan is a Vice President and Distinguished Analyst in Gartner Research. Her area of expertise includes financial fraud, authentication, access management, identity proofing, identity theft, fraud detection and prevention applications…

Mobile money transactions – are they secure?

by Avivah Litan  |  February 23, 2011

The big buzz these days in the world I follow (securing transactions) is around mobile. It was a big theme at the RSA conference and we are getting lots more client questions at Gartner around mobile fraud detection and user authentication. We’ve written one research note that explores the use of various location technologies to aid fraud detection (see “Get Smart using Context Aware Mobile Fraud Detection”) and will be writing more that looks at this particular aspect of securing mobile transactions. (John Girard and others at Gartner thoroughly cover other aspects of mobile security, e.g. mobile device/OS security.)

In the interim, I just wanted to make one observation – that is, most of the financial institutions I work with or use have released iPhone apps but have stayed away from other mobile OSes and platforms. I asked a few banker colleagues the reason for this, and they told me that the iPhone development environment is easier to work with, the applications are better controlled in terms of distribution (using the iTunes store), and that they didn’t have the security confidence or appetite yet to develop mobile apps for at least ten operating systems or handset versions (e.g. various Blackberry versions, Symbian, Android) that they would need to support to reach more of their customer population.

You’ll notice that the mobile apps financial institutions are making available to their users generally, for good reason, offer limited functionality and don’t enable high-risk transactions such as adding new payees for bill payment or new accounts for fund transfers. That’s certainly a good thing. There are already reports of attacks on SMS banking outside the U.S. and security researchers are reporting an increase in mobile malware. For example, McAfee reports that new mobile malware threats increased in 2010 by 46 percent over the previous year. Surely these will escalate as more users migrate to mobile banking and other ecommerce apps.

Chase took a big step and is offering remote check deposits on iPhones – by scanning the check with the camera and sending it to Chase servers for processing. This is a really nice pioneering feature (they also pioneered out of band transaction verification for the masses) that is sure to win them more customers. Note that the iPhone app ‘scans’ the check and doesn’t take a picture of it so that it’s not stored on the phone. This makes it similar in security to scanning and depositing checks at the ATM machine although I’m not quite sure how they secure the communication channel from the phone to the bank.

All I know is that I would love to avoid trips to the bank or ATM machines to deposit any checks I do get (like the $13 refund from my insurance carrier…), and as a consumer, I assume I’m pretty well protected from deposit account fraud, should it occur on my account. Now, if I were a small business, it would be a very different story…..
