Posts tagged identity authentication
Is Mobile Banking Particularly Risky?

by John Thielens, CSO, Axway

Ann Carrns’s recent blog post on consumer concerns over mobile banking security reminded me of an idea brought up in Bruce Schneier’s latest book, “Liars and Outliers: Enabling the Trust that Society Needs to Thrive,” which touches on how the human capacity to perceive risk — a capacity that evolved on the African plains hundreds of millennia ago — evolved specifically for a wild, uncivilized environment, not the sophisticated, high-tech universe we find ourselves in today.

Here’s a reality check: Consumers fear the security risks of mobile banking even though the technology is identical to the technology accompanying any banking they do.

In a post-Check 21 world, for example, paper checks are regularly scanned, their originals may be immediately destroyed, and the digital image becomes a legal replacement document that is routinely transmitted through cyberspace.

So where does this consumer fear come from? I think it originates a little closer to home than the technology that enables mobile banking — because the truth is that most attacks in cyberspace aren’t on the core technologies or cryptography underlying the system, but rather on the people who touch the system. So the biggest risk involved in online and mobile banking is the fact that you haven’t changed your online banking password in six years, you don’t have a PIN protecting your phone, and you gave your ATM PIN to your assistant or kid so they could withdraw money!

If any behaviors should give us pause, it’s these kinds of “careless” security behaviors, practiced by individuals themselves.

So, here’s the plan: Protect yourself, take care of your credentials, and don’t share passwords with anyone. Then relax and watch your online risks — including your banking risks, mobile or otherwise — diminish considerably.

Axway CSO Taher Elgamal Posts on “Leaps Of Faith”

Axway CSO Taher Elgamal posted a blog post on, a news and information portal that focuses on IT security. Please take a look and share your thoughts!

“Similarly – and this may come as a surprise – from a security standpoint, the mobile realm is far more secure than the browser realm, because most mobile transactions are conducted through applications, not browsers. With mobile apps, for instance, the certificates are already built in – they don’t allow the user to trust any random site and click ‘Yes’ to a pop-up window that should genuinely give them pause. They don’t force the user to wonder who the browser should trust, because it’s not a browser.”