Security has been on everyone's mind since last year's data breaches focused public attention on cyber security. With more online and banking activity moving to the mobile channel, banks are going to have to address new threats and challenges unique to mobile. Jim Pitts, senior product manager at BITS, and one of the experts who will be speaking at Bank Systems & Technology's Mobile Disruption Forum in May, recently gave us some of his insights on how banks should be responding to those threats and challenges.
BS&T: What do you see as the biggest threats with both consumers and employees that banks are facing?
Pitts: We did a research project looking in 2011 defining and assessing the risks in mobile. I think many of those risks are still the same today. We came up with a total of 13 categories. One of the big ones was mobile malware that can be delivered through rogue apps. Some larger institutions have been affected by this. There are thousands of app stores globally, and many of them are unregulated, giving the bad guys the opportunity to put out false apps that imply that they're linked to a big bank. I say it's like if Walmart put boxes of Tide on their shelves that actually damaged clothes -- with Procter & Gamble's logo on them -- then Procter & Gamble wouldn't let them do it.
Then we looked at BYOD in 2012 and came up with four or five main threats. Some of them are similar to the threats on the consumer side, like malware. Others are unique to employee use of mobile devices, like the popularity of cloud, transmission in the clear and intruders gaining access to the enterprise through the device.
BS&T: How aware do you think customers and employees are of these threats?
Pitts: There's a commercial on TV where there's an auto accident, and the tagline is "humans are difficult to live with." We can't educate these threats away. We're going to have different pockets of consumers, and some are going to be difficult to work with. I think we do a good job with employee policies, and with educating them. But consumers expect the banks and technology innovators to handle these problems. They know when they get a strange email they shouldn't open, but it's difficult for them to keep up with attacks.
One of the rules that we advocate is to assume that every device you work with is compromised, because there are some people who just aren't going to be conscientious.