
MOBILE BANKING

WHAT IS WAP?

Wireless Access Protocol (WAP) is an open international standard for application-layer network communications in a wireless-communication environment. Most use of WAP involves accessing the mobile web from a mobile phone or from a PDA.
What is the purpose of WAP?
To enable easy, fast delivery of relevant information and services to mobile users.

What type of devices will use WAP?
Handheld digital wireless devices such as mobile phones, pagers, two-way radios, smartphones, and communicators -- from low-end to high-end.
Banking Risks
Mobile banking carries the same inherent risks and issues as Internet banking; the primary risks affected are:

->Strategic
->Transaction
->Reputation
->Compliance
Strategic Risk
Determining the role of wireless banking in delivering products and services
Defining risk versus reward goals and objectives

->Is the reward added revenue, saving lost revenues, and/or increased efficiency?
->Are capital expenditures (at purchase and retirement), maintenance and operating costs less than the reward (i.e., income)?
Strategic Risk
Implementing emerging e-banking strategies
First Mover (bleeding edge) vs. wait and see (permanently lose market share)
Ease of implementing an outsourced solution to keep up with the competition
Financial stability of vendors
Uncertain customer acceptance
Using standards not designed for the needs of a secure banking environment
Rapidly changing technology standards
Expertise
Transaction Risk
Security Issues
Wireless transmission encryption
Standards retro-fitted once security became an issue

Designed to protect transmitted data from unauthorized access/use

Early standards 802.11 and Wireless Access Protocols (i.e., WAP) have known vulnerabilities
Potential need to upgrade equipment as standards change
Transaction Risk
Security Issues

Access codes stored on the device may allow account access if the device is lost or accessed

User names and passwords may be entered in clear view on the screen

Customer acceptance of alphanumeric PINs
Mobile phones require pressing a number key multiple times for certain letters, which may be challenging even if the display is not asterisked out (i.e., ****)
Transaction Risk
Security Lessons Reinforced

Unproven standards can have security weaknesses
Risk of external attacks increases as services expand to allow greater access to systems
Companies need to maintain knowledge of attack techniques, known and newly identified

End-to-end security is key
Do not rely on wireless transport layer security for banking application security

Need effective change management processes

Encourage customers to use good PIN/Password management practices
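The "end-to-end security" lesson above, as an added example that is not part of the original slides: the handset computes an application-layer HMAC over a canonical transaction body, and the bank verifies it with a per-device key and a sequence number, so modification or replay anywhere between the handset and the bank is detected regardless of what the wireless transport hop provides. The device id, key and field names are constructed for the example; this gives integrity and authenticity, not confidentiality.

```python
import hmac
import hashlib
import json

# Constructed sample: a per-device secret provisioned at enrollment (not a real key).
DEVICE_KEYS = {"handset-001": bytes.fromhex("a1" * 32)}


def canonical_body(device_id, seq, fields):
    # Both ends must MAC identical bytes: sorted keys, no whitespace.
    msg = {"device": device_id, "seq": seq, **fields}
    return json.dumps(msg, sort_keys=True, separators=(",", ":"))


def sign_transaction(device_id, key, seq, fields):
    # Computed on the handset, above and independent of any transport-layer security.
    body = canonical_body(device_id, seq, fields)
    tag = hmac.new(key, body.encode(), hashlib.sha256).hexdigest()
    return {"body": body, "tag": tag}


class BankVerifier:
    """Bank-side check that does not trust the gateway or the wireless hop."""

    def __init__(self, device_keys):
        self.keys = device_keys
        self.last_seq = {}  # highest accepted sequence number per device

    def verify(self, msg):
        try:
            fields = json.loads(msg["body"])
            tag = msg["tag"]
        except (KeyError, TypeError, ValueError):
            return False, "malformed"
        key = self.keys.get(fields.get("device"))
        if key is None:
            return False, "unknown device"
        expected = hmac.new(key, msg["body"].encode(), hashlib.sha256).hexdigest()
        if not hmac.compare_digest(expected, tag):
            return False, "tag mismatch"  # body altered in transit
        seq = fields.get("seq")
        if not isinstance(seq, int) or seq <= self.last_seq.get(fields["device"], 0):
            return False, "replayed or out-of-order"
        self.last_seq[fields["device"]] = seq
        return True, fields
```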
Transaction and Reputation Risk
Outsourcing
Access to expertise
Knowledge of wireless communication standards and encryption methods

Developing and converting existing products and services for wireless transmission and use

Effect of device characteristics
Smaller screens
Button or stylus commands
Reputation Risk
Reliability of delivery network

Customer acceptance of no-service due to telecommunications issues when they are in areas where they expect service - Consumer Expectations

Processing and handling of interrupted transactions

Integration of wireless applications with existing products and services
Compliance Issues
Disclosures

Wireless banking devices are easier to lose and may increase the potential for unauthorized usage
Types of services offered affect the level of risk (e.g., P2P payments increase risk)

Privacy concerns from location-based services
GLBA Compliance
Primary Elements of an Information Security Program

Involve Board of Directors

Assess Risk

Manage and Control Risk (including testing)

Oversee Service Providers

Adjust Program
Characteristics of Good Risk Management
Sound definitions of acceptable risk
Ownership of the risk assessment
Explicitly accept risks
Identify key controls
Create a test plan and follow up of results
Ongoing Board involvement
Active Vendor Management
Sufficient Technical Expertise
Appropriate Business Continuity Planning
Industry Initiatives
Many companies have strong policies in place to maintain their position of trust

The reputational risk of the company and loss of market share is at stake

Financial exposure is real
Best Practices
Secure architecture

Vulnerability management

Intrusion detection

Information sharing

Training and awareness

Regular testing, reporting, improving
What's Next - We Need to Focus On
Security

Authentication and Verification

Proper Due Diligence and Complete Understanding of the Issues

Prepare now for what is ahead

New Entrants into the Marketplace

International Perspective in the New World
THANK YOU
