Banks that offer mobile payment services need to "wake up" to the threat of malware, according to analyst Ovum.
"Mobile banking is inherently vulnerable. Mobile devices may be lost, stolen or hacked and are used in situations that are inherently less secure than sitting in an office or at a home computer," Ovum analyst Graham Titterington said today in a statement.
His report, "The malware threat to mobile banking", urges banks to work with mobile network operators and handset vendors to develop defensive strategies.
According to Titterington, mobile networks can be compromised by breaking the wireless encryption mechanism and the more old school methods of hacking into wired network infrastructure where encryption, by law, is not mandatory.
He outlined that malicious software could be passed onto the bank via its mobile services.
"IT malware that compromises back-end servers, but is harmless in the wireless environment, may be passed through the mobile banking interface," said Titterington, adding that mobile phones had become sufficiently powerful to constitute a security threat.
The analyst recommended that banks treat mobile security with the same importance as banking security. However, he said that their measures "must not be simply a copy of internet security" and be specifically tailored for the mobile channel.
The report recommended that banks check their security of mobile payments more rigorously and consider offering to reverse payments made in error "even if fraud is not proven".