Consumer adoption of Mobile Financial Services (MFS) is exceeding the expectations of the banking industry. Banks’ m-banking apps are among the most popular services available on mobile devices. Unfortunately, as a result, the popularity of these apps has invited close attention from criminals. This trend is expected to increase as adoption levels continue to
grow, drawing fraudsters from everywhere.
Financial institutions operate in an increasingly complex mobile ecosystem, developing applications for multiple operating systems and mobile devices that ensure reliability and security. Specialist knowledge of a wide range of security threats is essential for banks to implement proper risk mitigation measures and maintain the balance between user convenience and security.
Threats to the mobile device are not to be considered as an isolated issue. A smart phone is only the “user facing component” of a complex ecosystem, composed of app stores, services and content providers. This interconnectivity exposes both the mobile device and its applications, including those covering MFS, to increased risks.
Risk Mitigation is the second part of Mobey Forum’s Guide to Risk Management in Mobile Financial Services produced by Mobey Forum’s Risk Mitigation Work Group. It outlines the risks faced by MFS if accessed via a mobile device, together with how banks can mitigate the risks.
The first report, published in October 2016, provided an overview of a standardised risk management approach in MFS including how to conduct a detailed threat analysis. This second report provides guidance for financial institutions that have applied a risk management framework to identify risks, with risk mitigation measures and examples of best practices from the industry.
The white paper uses a standardised information security risk management approach, as specified in ISO/IEC 27005, to provide financial institutions with an overview of risk management in MFS, relative to the mobile device environment, specifying security principles and security risk mitigation measures to address the threats identified in the first report.