Security has been on everyone’s mind since last year’s data breaches focused public attention on cyber security. With more online and banking activity moving to the mobile channel, banks are going to have to address new threats and challenges unique to mobile. Jim Pitts, senior product manager at BITS, and one of the experts who will be speaking at Bank Systems & Technology’s Mobile Disruption Forum in May, recently gave us some of his insights on how banks should be responding to those threats and challenges.
BS&T: What do you see as the biggest threats with both consumers and employees that banks are facing?
Pitts: We did a research project looking in 2011 defining and assessing the risks in mobile. I think many of those risks are still the same today. We cam up with a total of 13 categories. One of the big ones was mobile malware that can be delivered through rogue apps. Some larger institutions have been affected by this. There are thousands of app stores globally, and many of them are unregulated, giving the bad guys the opportunity to put out false apps that imply that they’re linked to a big bank. I say it’s like if Walmart put boxes of Tide on their shelves that actually damaged clothes -- with Procter & Gamble’s logo on them -- then Procter & Gamble wouldn’t let them do it.
Then we looked at BYOD in 2012 and came up with four or five main threats. Some of them are similar to the threats on the consumer side, like malware. Others are unique to employee use of mobile devices, like the popularity of cloud, transmission in the clear and intruders gaining access to the enterprise through the device.
BS&T: How aware do you think customers and employees are of these threats?
Pitts: There’s a commercial on TV where there’s an auto accident, and the tagline is “humans are difficult to live with.” We can’t educate these threats away. We’re going to have different pockets of consumers, and some are going to be difficult to work with. I think we do a good job with employee policies, and with educating them. But consumers expect the banks and technology innovators to handle these problems. They know when they get a strange email they shouldn’t open, but it’s difficult for them to keep up with attacks.
One of the rules that we advocate is to assume that every device you work with is compromised, because there are some people ho just aren’t going to be conscientious.
…Read the full story on Bank Systems & Technology Jonathan Camhi has been an associate editor with Bank Systems & Technology since 2012. He previously worked as a freelance journalist in New York City covering politics, health and immigration, and has a master's degree from the City University of New York's Graduate School ... View Full Bio