Gartner Blog Network

Mobile money transactions – are they secure?

by Avivah Litan  |  February 23, 2011  |  3 Comments

The big buzz these days in the world I follow (securing transactions) is around mobile. It was a big theme at the RSA conference and we are getting lots more client questions at Gartner around mobile fraud detection and user authentication. We’ve written one research note that explores the use of various location technologies to aid fraud detection (see “Get Smart using Context Aware Mobile Fraud Detection”) and will be writing more that looks at this particular aspect of securing mobile transactions. (John Girard and others at Gartner thoroughly cover other aspects of mobile security, e.g. mobile device/OS security.)

In the interim, I just wanted to make one observation: most of the financial institutions I work with or use have released iPhone apps but have stayed away from other mobile OSes and platforms. I asked a few banker colleagues the reason for this, and they told me that the iPhone development environment is easier to work with, that the applications are better controlled in terms of distribution (using the iTunes store), and that they didn’t have the security confidence or appetite yet to develop mobile apps for the at least ten operating systems or handset versions (e.g. various Blackberry versions, Symbian, Android) that they would need to support to reach more of their customer population.

You’ll notice that the mobile apps financial institutions are making available to their users generally, for good reason, offer limited functionality and don’t enable high-risk transactions such as adding new payees for bill payment or new accounts for fund transfers. That’s certainly a good thing. There are already reports of attacks on SMS banking outside the U.S. and security researchers are reporting an increase in mobile malware. For example, McAfee reports that new mobile malware threats increased in 2010 by 46 percent over the previous year. Surely these will escalate as more users migrate to mobile banking and other ecommerce apps.

Chase took a big step and is offering remote check deposits on iPhones, by scanning the check with the camera and sending it to Chase servers for processing. This is a really nice pioneering feature (they also pioneered out-of-band transaction verification for the masses) that is sure to win them more customers. Note that the iPhone app ‘scans’ the check and doesn’t take a picture of it, so it’s not stored on the phone. This makes it similar in security to scanning and depositing checks at the ATM machine, although I’m not quite sure how they secure the communication channel from the phone to the bank.

All I know is that I would love to avoid trips to the bank or ATM machines to deposit any checks I do get (like the $13 refund from my insurance carrier…), and as a consumer, I assume I’m pretty well protected from deposit account fraud, should it occur on my account. Now, if I were a small business, it would be a very different story…..


Avivah Litan
VP Distinguished Analyst
19 years at Gartner
34 years IT industry

Avivah Litan is a Vice President and Distinguished Analyst in Gartner Research. Ms. Litan's areas of expertise include endpoint security, security analytics for cybersecurity and fraud, user and entity behavioral analytics, and insider threat detection.

Thoughts on Mobile money transactions – are they secure?

  1. Patrice says:

    For the record, the actual pioneer in mobile remote check deposits is USAA, not Chase.
