Embed Size (px)
Citation preview
Near Field Communication
Safeguarding the Mobile Marketplace
Our speakers
• Larry CollinsHead of e-SolutionsZurich Services Corporation
• Christopher O’Donnell, CPCU ARMAdministrative Vice PresidentDirector of Corporate Insurance & RiskM&T Bank
Conducting business online in an increasingly mobile society
• Cyber security was named one of the top five global risks for companies in 2012 at the World Economic Forum in Davos, Switzerland
• Companies that have traditionally had little data about their customers now must become accustomed with data privacy and security laws, and protect their customers’ personal information
What is Near Field Communication (NFC)?
• “A wireless technology that has a range of only a few inches. It is based on the magnetic field induction between readers and tags in a radio frequency identification (RFID) system. Adhering to the ISO 14443 international standard for smart cards, near field communication (NFC) is compatible with the countless ID card terminals in use around the world.” (PC Mag)
How big is the market?
Juniper Networks
How the Technology Works
1) Coil in the first smart phone sets up a current that is picked up a second smart phone or reader.2) The second smart phone receives the “induced current” from the first, recognizes it as a valid signal and offers a connection.3) The first cell phone accepts the connection and begins the transaction.
How the Technology Works
1) Coil in the smart phone sets up a current that is picked up by the smart tag2) The smart tag receives the “induced current” from the cell phone, recognizes it as a valid signal and offers a connection to the cell phone.3) The cell phone accepts the connection and begins the transaction
Users of NFC-enabled devices can:
• Make payments or use coupons via devices, instead of credit or debit cards
• Transfer files and share documents • Download information about objects, services
or places from “smart posters”• Display electronic identity documents, like air
travel boarding passes
What are some examples of the technology?
What are the risks?• Privacy
– What data is being captured, processed or stored?– Information Privacy and security rules apply!– How does a customer opt-out?
• Security– If you capture store or process data, you have to protect it.– Lost smart phones are now an exposure. Can you shut them down remotely?
• Sentinel Hacking– A hacker can establish a “sentinel” tag, fixed in one place, to receive and
download information from passing smart phones.– Any NPI on the smart phone can then be down loaded– Loss of privacy– Loss of financial info – credit card #s
Businesses that rely on NFC to share company information can:
• Automatically shut-off of an employee’s smart phone if it’s lost, so information can’t be accessed by unauthorized parties.
• Enlist the company’s telecommunications and information technology department to limit the content that employees can download or store.
• Enforce a password requirement. • Encrypt data so it can’t be easily read.
Businesses that rely on NFC to acquire customer information can:
• Use transmitted data for the purpose it was collected: If a customer shared personal information solely to pay for something, don’t then use that data for targeted marketing.
• Secure collected data with encryption, passwords and by restricting access.
• Determine how long data should be stored; create a data purging cycle.• An educated team, aware of global privacy laws, should be in place.• Limit data-reading devices’ power, allowing them to receive data only
from short distances. Limit the content that devices display during transactions.
• Implement the electronic security measures that a near field system requires.
Risk management in practice: M&T Bank
• Our risk management process involves a number of “moving parts” including:– Corporate Risk Management – Corporate Insurance – New Products & Services Committee– Corporate Operational Risk Committee– Management Group
Risk management in practice: M&T Bank
• We are in the process currently to review “alternative channels” of banking service.
• The following slides will take us through a view of how we vet the risks associated with these “alternative channels.”
15
Benefits
Measurable Benefits
• Reduce telecom costs due to deflection from the IVR to mobile channel - $336M• Account acquisition – $5.75MM
• Mobile financial service capabilities are more impactful in a consumer's decision to select a bank than availability of online banking, access to ATMs, or nearby branches. Additionally, banks offering mobile financial services should anticipate as much as a sixty percent increase in sales lift*
Other Benefits
• Provides the bank with a competitive advantage• Establishes a credible presence in mobile banking• Creates infrastructure that can be leveraged for Commercial and Business Banking• Lays the foundation for alerts, mobile check deposit and P2P
*Source: Mercatus
16
Competitive AnalysisCompany SMS Mobile Web Application iPhone App
Bank of America
BB&T
Capital One
Citibank
ComericaFifth Third
First HorizonHuntington Bank
Key Bank
M&I Bank
PNC
Regions Financial
Sun Trust
Synovus
U.S. Bancorp
Wells Fargo
USAA
Zions
17
Business Initiative Risks
Operational Risks• External fraud• Authenticity of the mobile application• Technology failure• Vendor failure• Ability to handle customer service inquiries• Vulnerability of transmitting data wirelessly
Legal/Compliance Risk
• Patent Infringement – Some cases related to mobile banking exist• Legal / FDIC disclosures on mtb.com and in the mobile banking application
Strategic Risks
• Failure to create a credible mobile banking channel that will attract new customers
18
Business Initiative Risks
Reputational Risks
• Patent infringement lawsuits• Compromise of customer data• Failure of technology
Controls
• Timeouts• Apple store• ClairMail controls and contract• Gradual migration• Secure transactions• Process controls: use of Web Banking User ID and passcode, no reset from mobile device, user agent string capture• Information Security is assessing the risk of each mobile feature
19
Loss Scenarios
• Worst Case Loss Scenario• Patent infringement lawsuit, external fraud or data breach at the customer level.
The risks would be reputational in nature.
• Likely Loss Scenario• Mistaken internal transfer between a user’s account• Unintended bill payment to an existing payee
Mobile Banking Enrollment*En
rolle
d Cu
stom
ers
*Reporting through 1/12/2010**Web Banking Active Users: 628,541***DataMart
Number of Days0 12 24 36 48 60 72 84 96 108120132144156168180192204216228240252264276288300312324336348360
0
10,000
20,000
30,000
40,000
50,000
60,000
70,000
80,000
90,000
Mobile TextMobile WAPiPhone App
24,957 App Downloads
76,895 Mobile Web Users12% of active Web Banking
63,296 Mobile Text Users10% of active Web Banking
Total Unique Mobile Users: 128,854, or 21% of active Web Banking**
Profile of Mobile Customer****71% of users are under the age of 36; about 26% are between the ages of 36-55.*Users are profitable. They have high balances & cross-sell.*Users have a higher CQI than non-users.*A disproportionately high share of mobile users are in the Baltimore region.
20
Current EnvironmentIndustry Trends
– Chat
– Video
2000 Today1980
•Alternative Channels growing in transaction, sales, and research activities
•Forrester predicts that one-third of all checking sales will come via the Internet by 2013
•2009 survey by the American Bankers Association finds that customers under the age of 55 prefer to bank online
Small Business Owners Use Smartphones
Small Business Adoption Outpaces Consumer
While only 17% of Americans own smartphones…49% of small business owners are reported to own smartphones.
Source: Forrester, September 2010
22
Current EnvironmentIndustry Transaction Trends
•Mobile and Online transactions will grow at a significantly higher rate than other transactions over the next 3 years (TowerGroup)
•More than 1.5B check deposit transactions will shift from the branch to mobile check deposit by 2014 (Mercatus’ Remote Deposit Capture Adoption Research Study, 2/2012)
•According to Nielsen, by the middle of 2011 over 50% of mobile phones sold in the U.S. are expected to be smart phones, or other all in one device
Source: TowerGroup
Q&A
