Intensify Your Mobile Security Mindset

It’s essential to educate both CU members and staff.

July 19, 2011

By Ondrej Krehel

In an emerging ecosystem of mobile devices, smartphones, and media tablets, customer education will fortify your organization against mobile’s chief dangers: weak security measures and risky user behavior.

Whether your credit union is an active mobile banking player, phasing in mobile services, or taking a wait-and-see approach, now is the time to implement one of the most effective security strategies in mobile fraud prevention: member and staff education.

Cybercriminals are finding mobile fraud to be far more lucrative than traditional PC-based campaigns. Tricking consumers remains the easiest way for hackers to breach a credit union’s security network and steal treasure—your member and organizational data.

Customized viruses, designer malware, and man-in-the-middle or “sniffing” attacks via unsecured Wi-Fi networks target specific mobile platforms to steal banking and personal data.

Malware on Androids alone has jumped 400% since the summer of 2010. An Infosecurity report ranked apps and app stores as “the greatest malicious software delivery system ever invented.”

Mobile security coaches

Train all staff in secure mobile banking practices, proper payment procedures, and the latest threat risks. Share updates to maintain a security mindset.

Once trained, member-facing employees can proactively coach members on mobile banking services and offer practical tips on everything from basic password hygiene to verifying authenticity of third-party apps prior to installation.

Teach your mobile users to treat their devices like a credit card with the Internet attached. According to a 2010 SANS Institute report, 85% of smartphone users don’t employ an anti-virus solution to scan for malware.

Teach them about phishing. Train them to never click on a link sent from your credit union via e-mail or text.

Drill your members in the basics: Keep your phone safe, lock your mobile device when not in use, and use a strong password.

Urge members to not store sensitive information on a phone, such as credit card data, passwords, user ID details, or proprietary work information.

Encourage members to:

  • Activate effective security features such as encryption of a portable device, a time-out password, and remote wipe if a device is lost or stolen;
  • Install an updated antimalware program/solution on the mobile device to guard against spyware, malware attacks, and infected apps or SD cards;
  • Use an on-device personal firewall for interface protection;
  • Delete text/voice messages with financial or personal information; and
  • Follow these security tips.

CU security

To improve security, credit unions should centralize the administration and enforcement of mobile device policies; provide locate, remote-lock, wipe, backup, and restore facilities for lost and stolen devices; and monitor device activity for inappropriate use and data leakage.

Other essential precautions include the use of:

  • SSL VPN clients to protect data in transit and ensure secure network access and authorization;
  • Mutual authentication approaches that incorporate multifactor, multilayered security techniques; and
  • Antitheft and antifraud tactics such as online banking transaction confirmations via SMS or call back.

New mobile banking channels, including mobile payments, near field communication (NFC), and person-to-person payments, are also prompting a virtual third-party gold rush. Google Wallet is launching its mobile payment system this summer.

Visa Mobile, Isis, and Square have staked their own NFC systems, with Apple and Amazon yet to jump, and multiple players in the wings.

Whatever the near future holds, turning a phone into a wallet involves tapping into the liquidity and credit lines now parked in your credit union. At the very least, this presents an opportunity for substantive member education.

ONDREJ KREHEL is chief information security officer at Identity Theft 911, Scottsdale, Ariz. Contact him at 888-682-5911.