News and Events
Preventative security is always better than its ugly cousin, reactionary
Mobile transactional services are on the increase, and financial institutions globally are making daily announcements about the addition of mobile services to their offerings. Technology is no longer a barrier to entry and neither is security. The question is rather: do you have the right security and have you mapped your technology needs with your business needs?
There is no doubt that the cautious approach that financial institutions need to take when doing business has assisted in setting the tone by which they do mobile business. It is this same ‘tone’ which emphasises the need for security when considering mobile transactional and payments services. On the other hand, we can already see that companies deploying these technologies wouldn’t be doing so if they did not believe them to be secure.
The potential uses of mobile transacting services are boundless and many institutions are already embracing the reality of mobile banking and where it can take them. You can’t pay a pizza delivery man at the door over the internet, but you can, over a phone – it is all about filling a convenience gap.
A good mobile payment solution needs to have security built into it at the ground level. Providers need to balance risk, usability and functionality, however, and should ensure that security doesn't compromise these.
Risks: the reality
The perception that it is risky to use your mobile phone to do mobile banking or transacting is outdated. The technologies have come a long way in the last five years and some of today's solutions, with the amount of encryption built into them, are more secure than the internet. Customers do however need to be assured that security is in place and at no point is their ‘cash’ in danger.
Ultimately, a financial institution is in control of all transactions it facilitates, and it remains responsible for protecting its customer’s interests. Concerns around mobile banking are the same as the issues faced by those providing internet banking services. As users become more familiar and comfortable with the technology, these fears will ease, as they did with internet banking. User education and ensuring that products are correctly targeted will also will assist.
Beyond the technology
In conjunction with technology-based security a company has to ensure that it builds additional processes and procedures into its offerings to ensure that opportunities for fraud and the like are minimised. Based on experience and exposure Fundamo has incorporated a number of additional controls and processes to assist in further managing any risks. Some of these added measures, which are built into the software, include: immediate notification of activity to customers, the segregation of duties, complete audit trails and transaction histories, transaction limits and daily limits, automatic deactivation of a channel if a PIN is incorrectly attempted three times, dual authorisation and well-defined key, PIN management processes, management and reconciliation reporting, and so on.
Past the debate – Some facts
Any enterprise looking to deploy a transactional mobile engine should look at three main areas. These being technological security, processes and procedures, and error detection. The first involves encryption and the like, the second audit trails, segregation of duties and such, and the third detects and highlights anything that could go wrong, and includes things like informing customer of activity on their accounts. Some existing systems only concentrate on one or two of the aspects as opposed to all three.
If you are concerned about security remember that the bottom line is to ensure that you partner with a company which has built its solutions around security. Like Fundamo, they should be able to show that they have existing clients that are running their solutions in a number of places for a number of years and have implementations and models that have never been compromised.
Back to News >