How do banks take care of data security?

The cell phone is becoming more and more technologically and functionally similar to a computer. The threats that a mobile banking user potentially faces are therefore analogous to the threats in electronic banking, i.e. viruses, phishing, spyware, etc.

Although today’s cell phones offer many security features, the responsibility for confidentiality and security of sensitive data and user operations rests with the application provider. The range of security features is wide, including various means of user authentication, authorization of banking transactions, and encryption of sensitive and financial data on the device and during data transmission between the application and the banking system.

The classic solution is the masked password: the system asks you to enter only selected characters from your password, so that spyware cannot intercept the whole password. Even if someone learns the characters you entered, he or she will not be able to log into your account, because the system requires different characters each time. When logging in, you enter the requested characters of your login password in the successive active fields.
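One way a server could implement the masked-password login described above, as an added example that is not from the article or from any bank's system. The function names, the three requested positions, the pool of eight enrolled position sets and the PBKDF2 storage are all assumptions made for illustration.

```python
import hashlib
import hmac
import secrets

POSITIONS = 3   # characters requested per login (assumed; the page gives no number)
POOL = 8        # position sets enrolled per user (assumed)
_rng = secrets.SystemRandom()

def _digest(salt, positions, chars):
    # Bind the answer to the positions it was requested for.
    material = f"{positions}:{chars}".encode()
    return hashlib.pbkdf2_hmac("sha256", material, salt, 100_000)

def enroll(password):
    """Store one verifier per enrolled position set instead of the password.
    A 3-character answer is cheap to brute-force offline, so this record
    needs the same protection as a plaintext password would."""
    rec = {"salt": secrets.token_bytes(16), "verifiers": {}, "pending": None, "last": None}
    while len(rec["verifiers"]) < POOL:
        pos = tuple(sorted(_rng.sample(range(len(password)), POSITIONS)))
        chars = "".join(password[i] for i in pos)
        rec["verifiers"][pos] = _digest(rec["salt"], pos, chars)
    return rec

def issue_challenge(rec):
    """Return the positions to ask for. The challenge stays the same until it
    is answered correctly, so reloading the login page cannot be used to wait
    for positions that were captured earlier."""
    if rec["pending"] is None:
        choices = [p for p in rec["verifiers"] if p != rec["last"]]
        rec["pending"] = _rng.choice(choices)
    return rec["pending"]

def verify(rec, chars):
    pos = rec["pending"]
    if pos is None:
        return False
    ok = hmac.compare_digest(_digest(rec["salt"], pos, chars), rec["verifiers"][pos])
    if ok:  # rotate only after success; the next login gets other positions
        rec["pending"], rec["last"] = None, pos
    return ok

if __name__ == "__main__":
    password = "T7m!qZ4x#Lp2"                        # constructed sample password
    rec = enroll(password)
    first = issue_challenge(rec)
    captured = "".join(password[i] for i in first)   # what spyware would see
    print("login 1:", first, verify(rec, captured))
    print("replay on login 2:", issue_challenge(rec), verify(rec, captured))
```

The sketch leaves out attempt limiting; without a lockout after a few wrong answers, a three-character challenge can simply be guessed online.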

An additional element used to authorize individual operations is the one-time password: either an SMS one-time password or a one-time password from a list that the bank sends in inactive form and that has to be activated before use. To further increase your security, you should also remember the following rules:

– when you receive a package with one-time passwords, make sure that it is intact

– store the lists of one-time passwords you receive in a safe place and do not disclose them to other persons

– one-time passwords are required in the internet transaction service and the mobile application; no bank asks for one-time passwords through an operator or a consultant at a branch

– if you lose your list of one-time passwords, or suspect that someone may have learned it (e.g. copied it), block the list immediately

– one-time passwords are only used to approve individual instructions in the internet transaction service and in the mobile channel; they are not required when logging into the transaction service, when browsing the history of operations on the account, or to approve any operation in the service that you did not initiate

If the highest level of transaction security and data confidentiality is required, it is also possible to implement hardware and software solutions in the form of cryptographic SIM cards or cryptographic MicroSD cards, which ensure the highest possible level of data security by encrypting the data and signing it with an electronic signature. In this case, all operations related to data security, i.e. the cryptographic operations, are carried out in the cryptographic processor of the special SIM or MicroSD card, using the cryptographic key embedded in it.

– Interestingly, the signature of an electronic document or a transaction made using a cell phone may carry the same legal consequences as a handwritten signature of a paper document. Thus, there are technical and legal solutions that allow for safe signing of bank agreements, e.g. for opening an account, issuing a credit card or a cash loan in the mobile channel – says Krzysztof Cetnarowski, Vice-President of Mobile Experts sp. z o.o.

Another interesting solution available on cell phones is a mobile token. mTOKEN is a dedicated system allowing strong authentication of users with one-time codes generated by a J2ME (JavaPhone) application installed directly on the cell phone. The application, thanks to the use of advanced cryptographic algorithms, allows for unambiguous and undeniable identification of the user. It offers a level of security analogous to the hardware tokens used by banks, but without the need to carry an additional device. In order to achieve the maximum level of security, hardware and software solutions using cryptographic SIM or MicroSD cards can also be applied here.

Banks are increasingly moving away from browser-based solutions tailored for mobile devices to dedicated e-banking applications. Applications offer better convenience of access to mobile banking while providing a much higher level of security and resistance to attacks. In the case of mobile banking in the application version, it is also possible to supervise the application distribution channel, i.e. the way it is delivered from a trusted source to the user’s phone. It is also possible to use a much wider range of security mechanisms in the application itself, such as strong user authentication and strong encryption and secure signature of transactions.
