Philippe Roy (Danske Bank), Ron van Wezel (Aite Group), Marijke De Soete (Security4Biz)
This webinar is based on the Mobey Forum’s report, the first of two parts, and uses a standardised risk management approach to provide financial institutions with an overview of risk management in MFS, relative to the mobile device environment. To assist with risk evaluation it describes the identified threats and classifies them into twelve categories. An analysis of the risk level is then provided for each category based upon likelihood of its occurrence together with its anticipated impact.
The report contends that one of the highest risks still resides with the end user, the customer. Techniques that target the person rather than the device, such as social engineering and phishing, are often used by criminals to gain (sensitive) information that enables subsequent attacks to be launched, leading to fraud. Impersonation of the customer during the registration for or installation of a mobile financial service or during the mobile financial service transaction itself is also highlighted and examined.
Mobey Forum is now developing a second accompanying report, providing guidance to financial institutions on mitigation measures and best practices to reduce the risks identified.