M-banking security top priority for banks

Mobile security is getting as stringent as Internet banking security, especially as more security threats targeting phones start to appear, say banking executives.
Written by Liau Yun Qing, Contributor

Compared with a year ago, today's mobile banking scene faces greater threat of malware and viruses attacking mobile phones, especially with more users conducting banking transactions on their handsets, according to a Singapore bank.

Sandeep Lal, managing director of consumer banking group eBusiness at DBS Bank, said in an e-mail interview: "Mobile devices are getting more powerful and applications are getting richer [and] there will be little difference between mobile devices and computers except for battery life and storage." DBS launched its mobile banking service in April this year.

"As more consumers use their mobile phones to conduct banking transactions, there will be an increase in malware and viruses targeted specifically at mobile devices," Lal added.

Thus, banks are "constantly mindful" of security threats targeting mobile devices, he said. Having the right authentication and security in place is critical for mobile banking security, he added.

At OCBC Bank, security for mobile banking is as stringent as it is for Internet banking, said Patrick Chew, head of delivery in an e-mail interview, adding that the financial institution's mobile banking application sits on top of its Internet banking platform. The bank made its first foray into mobile banking in 2006, and since has seen its mobile banking users doubling each year.

"Akin to Internet banking, the customer using mobile banking services has to have an access code, PIN (personal identification number) and a 2FA (two Factor Authentication) token to gain access to his accounts," he said.

He added that similar to other banking facilities, users need to keep their PIN secret and 2FA safe to prevent theft and misuse.

For DBS customers, apart from the 2FA, Lal said the bank's customers are protected by its "Money Safe Guarantee", in which the financial firm pledges to replace the customer's money if his online account is compromised or if there is an unauthorized m-banking transaction.

Safety precaution for m-banking users
For users concerned about the security around mobile banking, OCBC's Chew reassured that no sensitive information or transactions will be cached in the phone's memory, and that users need not worry about theses details being exposed in case their phones are lost or stolen.

That said, DBS' Lal cautioned users against storing IDs, passwords and sensitive personal information on their mobile phones as these data are "priceless" to fraudsters. Should mobile phones containing such confidential information be lost or stolen, Lal suggested that the owners contact their banks immediately.

Lal also recommended that users apply new patches and upgrade their smartphone software regularly. They should not click on links in unknown e-mail messages or text messages as these may turn out to be phishing sites, he added.

Apart from users taking basic safety measures, OCBC's Chew said the bank ensures end-to-end encryption that secures the access code and PIN of a customer's mobile banking transaction.

Add to this, Chew said the financial institution works with telcos and device manufacturers to address all security concerns, "ensuring compatibility with almost 100 percent of all phones in the market".

OCBC has a bank audit trail system in place as well, where all transactions carried out by its users are recorded, he noted. "Customers are able to check their latest transaction details and account history online via their mobile phone or [computers].

"Customers also have the option to be alerted via e-mail for funds transfer and bill payment transactions performed," he said. "Should there be any unusual account activity, customers will be alerted to it and hence will be able to report to the bank immediately for investigation."

He added that the bank also educates its customers to download the mobile banking application only through authorized channels such as Apple's App Store and RIM's BlackBerry App World.

Editorial standards