8/12/2019 Eh Mobile Baking_final
WHAT IS WAP?
Wireless Access Protocol (WAP) is an open international standard for application-layer network communications in a wireless-communication environment. Most use of WAP involves accessing the mobile web from a mobile phone or from a PDA.
What is the purpose of WAP?
To enable easy, fast delivery of relevant
information and services to mobile users.
What type of devices will use WAP?
Handheld digital wireless devices such as mobile phones, pagers, two-way radios, smartphones, and communicators -- from low-end to high-end.
Banking Risks
Same inherent risk and issues as Internet Banking, primary risks affected
->Strategic
->Transaction
->Reputation
->Compliance
Strategic Risk
Determining wireless banking role in delivering products and services
Defining risk versus reward goals and objectives
->Is the reward added revenue, saving lost revenues, and/or increased efficiency?
->Are capital expenditures (at purchase and retirement), maintenance and operating costs less than the reward (i.e., income)?
Strategic Risk
Implementing emerging e-banking strategies
First Mover (bleeding edge) vs. wait and see (permanently lose market share)
Ease of implementing outsourced solution to keep up with the competition
Financial stability of vendors
Uncertain customer acceptance
Using standards not designed for secure banking environment needs
Rapidly changing technology standards
Expertise
Transaction Risk
Security Issues
Wireless transmission encryption
Standards retro-fitted once security became an issue
Designed to protect transmitted data from unauthorized access/use
Early standards 802.11 and Wireless Access Protocols (i.e., WAP) have known vulnerabilities
Potential need to upgrade equipment as standards change
Transaction Risk
Security Issues
Access codes stored on device may allow account access if device lost or accessed
User names and passwords may be entered in clear view on the screen
Customer acceptance of alphanumeric PINs
Mobile phones require pressing a number key multiple times for certain letters, which may be challenging even if display is not asterisked out (i.e., ****)
Transaction Risk
Security Lessons Reinforced
Unproven standards can have security weaknesses
Risk of external attacks increases as services expand to allow greater access to systems
Companies need to maintain knowledge of attack techniques, known and newly identified
End-to-end security is key
Do not rely on wireless transport layer security for banking application security
Need effective change management processes
Encourage customers to use good PIN/Password management practices
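An added example (not part of the original slides) for the bullets "End-to-end security is key" and "Do not rely on wireless transport layer security": the bank verifies an application-layer HMAC and a nonce on every request, so a change made anywhere between handset and server is rejected whatever the transport did. The key, account labels and message layout are constructed assumptions; the sketch covers integrity and replay only, not confidentiality.

```python
import hashlib
import hmac
import json

# Constructed per-customer key, assumed to be provisioned out of band.
CUSTOMER_KEY = b"constructed-demo-key-not-a-real-secret"


def canonical(txn: dict) -> bytes:
    """Stable byte encoding so both ends MAC exactly the same bytes."""
    return json.dumps(txn, sort_keys=True, separators=(",", ":")).encode()


def sign_request(txn: dict, key: bytes) -> dict:
    """Handset side: attach an HMAC-SHA256 tag computed over the whole request."""
    tag = hmac.new(key, canonical(txn), hashlib.sha256).hexdigest()
    return {"txn": txn, "mac": tag}


class BankServer:
    """Bank side: checks the tag itself instead of trusting any transport hop."""

    def __init__(self, key: bytes):
        self.key = key
        self.seen_nonces = set()

    def accept(self, msg: dict) -> str:
        expected = hmac.new(self.key, canonical(msg["txn"]), hashlib.sha256).hexdigest()
        if not hmac.compare_digest(expected, msg.get("mac", "")):
            return "rejected: bad MAC"
        nonce = msg["txn"]["nonce"]
        if nonce in self.seen_nonces:  # same signed request delivered twice
            return "rejected: replay"
        self.seen_nonces.add(nonce)
        return "accepted"


def demo() -> list:
    server = BankServer(CUSTOMER_KEY)
    request = sign_request(
        {"from": "ACCT-A", "to": "ACCT-B", "amount": "25.00", "nonce": "n-0001"},
        CUSTOMER_KEY,
    )
    # Constructed case: payee field altered after the wireless hop ended.
    altered = {"txn": dict(request["txn"], to="ACCT-X"), "mac": request["mac"]}
    return [server.accept(altered), server.accept(request), server.accept(request)]


if __name__ == "__main__":
    print(demo())
```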
Transaction and Reputation Risk
Outsourcing
Access to expertise
Knowledge of wireless communication standards and encryption methods
Developing and converting existing products and services for wireless transmission and use
Effect of device characteristics
Smaller screens
Button or stylus commands
Reputation Risk
Reliability of delivery network
Customer acceptance of no-service due to telecommunications issues when they are in areas they expect service - Consumer Expectations
Processing and handling of interrupted transactions
Integration of wireless applications with existing products and services
Compliance Issues
Disclosures
Wireless banking devices are easier to lose and may increase potential of unauthorized usage
Types of services offered affect level of risk (e.g., P2P payments increase risk)
Privacy concerns from location based services
GLBA Compliance
Primary Elements of Information Security Program
Involve Board of Directors
Assess Risk
Manage and Control Risk (including testing)
Oversee Service Providers
Adjust Program
Characteristics of Good Risk Management
Sound definitions of acceptable risk
Ownership of the risk assessment
Explicitly accept risks
Identify key controls
Create a test plan and follow up of results
Ongoing Board involvement
Active Vendor Management
Sufficient Technical Expertise
Appropriate Business Continuity Planning
Industry Initiatives
Many companies have strong policies in place to maintain their position of trust
The reputational risk of the company and loss of market share is at stake
Financial exposure is real
Best Practices
Secure architecture
Vulnerability management
Intrusion detection
Information sharing
Training and awareness
Regular testing, reporting, improving
What's Next - We Need to Focus On
Security
Authentication and Verification
Proper Due Diligence and Complete Understanding of the Issues
Prepare now for what is ahead
New Entrants into the Marketplace
International Perspective in the New World
THANK YOU