Malware and data breaches
Mobile banking’s future looks bright, but security concerns remain. Recent cell phone scandals illustrate that mobile phones can be hacked, and headlines are screaming about the rapid growth of new malware designed to infiltrate mobile devices and exploit personal information and data.
Android malware is exploding, with an early 2011 incidence 400 times higher than a year earlier, according to a May 2011 report from Juniper Network’s Global Threat Center. Not surprisingly, this is directly proportional to the Android operating system’s market share growth, which has grown from 3.9% in
2009 to an estimated 38.5% in 2011, according to a Gartner research report.
While Juniper indicates Android malware still accounts for less than 1% of all malware in the world, the rate of increase suggests mobile devices are attracting more attention from fraudsters. And if nothing else, security experts agree the growth of nefarious activity raises questions about the security—and the prudence—of managing finances on the fly via the mobile channel.
Security must be a concern for credit unions, says Tom Gray of Member Service Solutions LLC, since he’s asked about it “in every webinar” his firm conducts. Gray, and co-managing partner Rick Hargis, say security drove the design of the firm’s CU Mobile Apps.
The app doesn’t push, pull, or store personal information or financial data on any mobile device. Instead, it functions by tying into a credit union’s existing mobile banking or online banking platform. It then repackages the information and features in a faster, more user-friendly format and adds additional functionality, including a GPS-driven branch locator.
Credit unions that develop their own mobile apps also are approaching security as an essential element. At CommunityAmerica Credit Union, Kansas City, Mo., “security was our No. 1 concern,” says Sam Passer, vice president of program services. “It wasn’t an after-thought. We built the app from the ground up focusing on se-curity.”
As an added precaution, the $1.7 billion asset credit union also enlisted a third-party vendor to do a full security review of the Android and iPhone app prototypes before launching them.
Passer acknowledges that mobile threats are proliferating, and his credit union invests a large amount of re-sources to secure online and mobile systems. But he says the greater risk lies not in the mobile platform itself, but in not offering it to members. “We needed it to stay competitive.”
In developing iPhone and Android apps, 1st Advantage Federal Credit Union, Yorktown, Va., considered only veteran vendors with good track records, says Jim Craig, vice president of marketing. The $539 million asset credit union hopes to launch the apps within the next year—as options in addition to its existing mobile banking site.
While Craig is always concerned about security, he’s not alarmed by the increase in hacking and malware. “What we’re seeing in the mobile space is that it isn’t any riskier than regular Web or Internet banking,” he says.
The financial services industry has a bit of “security fatigue,” agrees Rasmussen. Bombarded with messages about breaches everywhere from shoe stores to mortgage companies, many in the business have come to recognize the role security and risk play in both online and mobile banking. Credit unions and their employees manage risk, but they don’t overreact to it.
“Not every risk associated with doing business can be a crisis,” he explains. “Always operating in crisis mode is taxing, draining, and keeps us from doing our best work.
“Security has found its niche in the way we now conduct business,” he adds. “It’s seen as an ongoing, nev-er-ending part of the way we operate, rather than a one-time tragic event that can be dealt with and then forgotten. As things come up, we’ll deal with them. We have to, because the mobile device isn’t going away.”
Mobile-ready members feel the same way, says Craig. “We aren’t hearing anything from our members about security concerns in relation to the mobile channel. Basically, members concerned about security don’t currently use online banking, and certainly won’t use mobile banking.”
“You certainly have all the controls and all the protection that you have on the PC, because it’s encrypted communication back and forth,” agrees David Dye, an integrated services manager at Diebold Inc. “And mobile does have the protection of username and password. You have as much, or more protection, as you do on a PC.”
Diebold—a CUNA Strategic Services alliance provider—offers a fully functional native mobile banking app along with Card Lock. The latter is a new mobile-controlled solution that allows credit union members to lock and unlock debit and ATM cards to prevent identify fraud.
Next: Push notification