Layered Security for Mobile Banking

May 8, 2012 by Mike Byrnes     No Comments

American Banker published a great article last week covering some of JPMorgan’s security strategies for mobile banking. Lloyd O’Conner explained the importance of layering multiple security technologies to protect their clients — as well as their own company — from the growing cyberthreats that not only target the online channel but are zoning in on the mobile channel as well.

O’Conner discusses some critical layers, including:

  1. Authenticating to the device: advanced measures (including biomtetrics) beyond simple PIN protection
  2. Authenticating the mobile device to the banking application: leveraging device certificates and device registration
  3. Authenticating the user to the application and encrypting the communication channel.

While I agree 100 percent with JPMorgan — after all, they are demonstrating clear innovation and leadership in mobile banking here — I think there is another layer that needs to be called out as well.

While varied identity authentication layers are critical, some forms of advanced fraud attacks (e.g., man-in-the-browser) have proven to defeat a broad range of authentication approaches.  Adding real-time fraud detection to flush out behavior anomalies is a critical layer to help detect MITB and, fortunately, is totally transparent to the mobile user.

By deploying a layered security framework, FIs can help defeat advanced MITB malware attacks. This approach not only provides world-class fraud prevention, but also helps enhance the end-user experience.

Mike Byrnes

About

Entrust product manager Mike Byrnes has more than 20 years’ experience in product management and technology marketing with a focus on internet security and business communication systems. Mike drives product marketing for the Entrust IdentityGuard authentication platform with a significant focus on mobile solutions. In addition to mobile, his background covers identity and access management, fraud detection, malware protection, and email encryption solutions. Mike serves as vertical market prime for Entrust financial services segment, working with large banks across the globe to roll out solutions to their consumer- and corporate-banking client base.

Add to the Conversation