Banks warned over mobile virus threat

Mobile operators and banks urged to strengthen security for mobile banking

Mobile security should match that of internet security, according to Ovum.

Banks and mobile operators offering mobile payment services "must wake up" to the threat of malware viruses or risk potential attacks, according to a report from research firm Ovum.

Companies involved in mobile payment and banking services, including banks, operators and handset makers, must collaborate to improve security, and should "always assume the possibility" of an attack, the report added.

"Mobile banking is inherently vulnerable. Mobile devices may be lost, stolen or hacked and are used in situations that are inherently less secure than sitting in an office or at a home computer," said Graham Titterington, principal analyst at Ovum.

He added that mobile networks may be intercepted either by breaking the wireless encryption mechanism or by hacking into the wired backbone of the network where encryption is not mandatory under telecommunications standards. "IT malware that compromises back-end servers, but is harmless in the wireless environment, may be passed through the mobile banking interface," Titterington said.

Ovum believes defensive systems for mobile financial services should be designed "incrementally" to a level that is at least equivalent to that deployed in Internet banking.

However, the organisation stressed that mobile security must not be simply a copy of Internet security. "While many of the concerns and strategies are similar, the approach must be tailored to the characteristics of the channel and the way in which it is used," the report stated.

Banks should also adopt a broad defence strategy that incorporates ways to detect and limit the effects of an attack, Titterington said. "Network vulnerabilities can be avoided by adopting end-to-end encryption of transactions, independent of any encryption provided by the network operator."