Banks turn their eyes to mobile failings: McAfee

Banks turn their eyes to mobile failings: McAfee

Summary: Banks lack mechanisms to determine whether mobile devices used to access customer financial information are secure, according to McAfee CTO of cloud and datacentre solutions, Greg Brown.

TOPICS: Banking, Mobile OS

Financial institutions want customers to do more mobile banking, but they don't have the mechanisms to ascertain whether the mobile devices used to access financial information have been compromised, according to McAfee CTO of cloud and datacentre solutions, Greg Brown, speaking at the Intel Cloud Summit in Bangkok, Thailand, on Tuesday.

Financial institutions having been working to revamp their online banking portals and releasing new mobile apps to make personal banking convenient for customers. As such, online and mobile banking adoption have skyrocketed in recent years.

"These organisations want you to use online banking, because it makes it more efficient for you to do transactions and for them to run their businesses," he said.

Because of this, the banking and financial sector is increasingly concerned with mobile devices being a point of attack and data loss. According to Brown, it is important that the integrity of access devices is considered, not just the IT infrastructure behind them.

"The protection of end-point devices is just as important as making sure the infrastructure, where you are putting the data, is secure," Brown said.

He acknowledged that mobile security is a tricky business in financial institutions, and broadly across the enterprise space, as well. This is made more difficult as businesses move into the cloud and has less visibility and control over its IT infrastructure.

"It is more difficult to secure mobile devices, in that they start off as not being managed by any IT departments," Brown told ZDNet. "They inherently carry a diverse range of applications, and despite the walled garden approach, we are seeing those devices are subject to attacks and are subject to vulnerabilities in applications."

The app space is dynamic, and consumer apps generally don't have the strong security controls the mature enterprise style apps do, he said. While banking or company provisioned apps may not carry vulnerabilities themselves, the array of consumer-grade apps that may sit beside them can be a gateway for cyber-assailants.

Google's Play Store has been known to contain apps that carry security risks, due to its open nature.

With open platforms like Google's Play Store, Brown said that organisations have to start thinking about building quarantine zones within mobile devices to prevent data loss and security breaches.

"The mobile industry, in general, has to evolve more before it can offer the same level of confidence established in the traditional PC market," he said.

Spandas Lui attended the Intel Cloud Summit as a guest of Intel.

Topics: Banking, Mobile OS

Spandas Lui

About Spandas Lui

Spandas forayed into tech journalism in 2009 as a fresh university graduate spurring her passion for all things tech. Based in Australia, Spandas covers enterprise and business IT.

Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.


Log in or register to join the discussion
  • Re: mechanisms to ascertain whether the devices have been compromised

    They don’t have such mechanisms for PCs, either. But that doesn’t stop them allowing customers to do banking from their PCs. So what’s new?
    • Good Point

      It's true. But apparently having something scan your computer and tell you it's clean suffices? If that's the case, just develop an app for the phones that checks a couple things and tells you your phone is clean.
      • Re: having something scan your computer and tell you it's clean suffices?

        Server: Scan yourself.
        Malware-infected machine: (dum-de-dum-dum) Scan complete.
        Server: Are you clean?
        Malware-infected machine: Yessir, clean as a whistle.

        Now what?
        • Re: Are you clean?

          Yes, if you boot that PC from a Live CD using a compact Linux distro for each transaction.
        • :)

          I was agreeing with you :)
  • The solution is simple:

    Don't use apps to do your banking. The present system works fine, we do not need "mobile apps to make personal banking convenient." The truth is that the convenience is not for us but, as Greg Brown states: "...and for them (banks) to run their businesses."

    These concerns are quite legitimate and need to be addressed. But instead of making the system more complex, simply don't allow any apps to play with your data. We're already giving up to much control of our data to the cloud.