Money 
Mobile Banking Security
June 17, 2010In an interesting summary article from risk.net titled Banks fail to exploit market for smartphone apps the author David Benyon, rightly points out that particularly in the UK Banks have been slow to take advantage of the rich capabilities of smartphones in their mobile banking strategy.
In fact in the UK – only NatWest and RBS have a downloadable smartphone app, which is still for the iOS only (iPhone, iPod Touch, and iPad).
Monitise Group have been claiming for some time that support for Android phones is coming soon.
Obviously we have been frustrated by the slow adoption by banks and that is partly why we are releasing MoneyToolkit but the real the point about this post, is that in the same article talks about the security situation with smart phone banking applications…
Downloadable apps – provided they are developed responsibly for data protection – can offer greater fraud and virus protection than banking via a smartphone’s internet browser function.
Although the statement is brief and flippant it helps reinforce the point that properly designed smart phone applications are not only more secure than mobile web sites, but in our opinion more secure than using online banking from your desktop browser as well.
The atricle goes on to mention one contributory factor, by quoting a respected Forrester report on the subject…
“Do you have a virus scanner on your mobile? Probably not. How frequently do you update the browser versions? Probably not often, if at all.” says Alexander Hesse, an analyst at Forrester and author of the Forrester report.
In actual fact with the Money Toolkit security model even if your phone was infected with a virus it would be absolutely impossible, and I don’t mean ‘almost’ impossible, actually impossible, to get your bank account details of the phone, for the simple fact that we only store some of your bank passwords, securely encrypted, on the device itself.
Random bits of your passwords are encrypted on our highly secure servers and those servers are managed by two different providers (so no single employee can get at your passwords either). With this design a virus or human attacker would have to steal or infect your phone and also break onto two different secure server systems, then on all three systems they would have to break our military grade encryption before they would be able to get your account details.
In summary I agree that well designed downloadable applications will be more secure than browser based online banking, and because of our unique security system there is currently no mobile banking application that is more secure than MoneyToolkit