Tuesday, June 16, 2009

Is Cell Phone Safest Way to Bank Online? In a word, No!

Safest Way to Bank Online? Your Cell Phone
Here's an article which essentially says, everybody knows how to steal information from PC users, but cell-phones aren't breached as much, so your chances are better if you use a cell phone for online banking.  I had to chuckle and couldn't help but think that the equivalent of what they are saying is thus:

"When you leaves your keys in your ignition, the likelihood of your car being stolen is higher than if you put them in your glove compartment...so put them there."  The statement may be true, but putting your keys in your glove compartment probably isn't a good idea either. 

At the end of the day, if you type, the bad guys can swipe.  So convincing me to use my cell phone for online banking is, well, a hard cell.

Here's an excerpt from the article:


So you want to bank safely online? Then ditch your computer and make the transaction via your cell phone instead.

Using a mobile handset for this most sensitive online act might sound counterintuitive, given that phones are prone to being lost or stolen, but your cell phone might actually be safer than your computer for paying bills or checking your statement online.

Some phone malware does exist, and examples tend to make headlines due to their novelty. But the main threats to online security, such as keyloggers, Trojan horses, and other data-stealing software, don't exist for phones--yet.

Editor's Note:  If some phone malware already exists, do you really believe that when the "masses" start using phones to online bank the hackers won't focus on ways to breach that technology?  If keyloggers can steal PII (personal identification information) because users "TYPE" using a keyboard, don't you think they can do the same when you "pick n peck" information into your phones handset?  Let's be realistic here.  What's the common denominator between a PC and a Phone.   If you said they both use web browsers, then you'll understand why data needs to be entered and encrypted "outside" the browser space.  HomeATM has a device that does exactly that for the PC and HomeATM has also engineered a device that will do it for smart phones.

"The risk of being infected on a mobile phone is tiny in comparison [with a PC]," notes the security firm Sophos in its annual threat report.

Cell phones dodge malware because they run many different operating systems. 
Security experts agree that crooks stand to steal much more by investing their time in writing a new Windows virus that is capable of infecting millions of PCs than in constructing a Trojan horse that can target only a certain type of phone.  (Editor's Note:  Watch how quickly that will change as people trade in the cell phones for "Smartphones."  By the way,
the prediction is that Smartphone sales worldwide will surge.  See chart on left)  In fairness, the article does go on to point out that it's only speaking about "for now." Not the future...

Android Danger

But that may change. Google is hard at work on its Android phone OS, and iPhones make their way into more and more pockets and purses daily. So while phone OS consolidation holds great promise for better apps and services, it could also make phones more of a target.(for hackers)

The fact that little mobile malware exists does not mean that cell phones are completely safe, of course. Banking and payment systems require passwords and/or PINs, so someone can't just pick up your phone and start transferring money out of your account. (Editor's Note:  Unless the obtained the PAN and the PIN via phishing, smishing or some yet to be developed hack) But there's still plenty of personal information that someone could obtain through your phone.

Phishing--the other big threat to online financial security--may be even more dangerous for phones than for computers.
If you read e-mail on a smart phone, you'll see phishing messages. And whereas on the desktop both Internet Explorer and Firefox employ built-in antiphishing protections, mobile browsers do not.

"You don't have all the antiphishing toolbars" for a mobile browser, says Dave Jevans, chairman of the Anti-Phishing Working Group. Also, some rare attacks twist the traditional phishing message to target mobile phones. Dubbed "smishing" or "vishing" for their use of SMS messages or VoIP systems, such scams may send a phone a text message containing a warning about a credit card account. If you call the number included in the message, an automated VoIP system prompts you to enter your credit card number, for example.

If mobile banking and personal payments catch on, phone-specific risks with malware and phishing may go up as well.
(Editor's Note:  "may go up?") "The expectation is that we will see more malicious applications on devices," says Samir Kumar, group product planner for mobile communications business with Microsoft. But for now, he says, the greatest danger arises when phones are lost or stolen.

Read the Complete Item Here, read how we secure smart phones for financial transactions below:
Attach and Swipe One-Time, Your Smartphone is Forever Enabled as a Secure Payments Device!


Disqus for ePayment News