Too Many Cooks in MobileYes, Volatile Mix Could Spoil the Broth
One of the Central Bank's goals is to integrate mobile's many different platforms and players, from telcos and banks to the automated clearing house, to ensure systems are reliable and secure. And the bank is moving quickly; it expects to release new guidance regarding mobile security by the end of the year.
In the United States, the story for mobile is shockingly different. U.S. regulators are only just beginning to broach the mobile subject. And ask the telcos and/or wireless carrier about the role they expect to play in ensuring mobile financial transactions are secure, and they'll quickly put up their hands -- they only provide the transport system and want no part of the transaction itself.
The further our financial industry delves into mobile, the more we realize we have a lot more to learn about mobile security risks.
Ensuring mobile transactions are secure, the telcos say, is up to the bank. But is that a fair assessment? Maybe, maybe not. The reality is, no one is entirely sure. And the further our financial industry delves into mobile, the more we realize we have a lot more to learn about mobile security risks.
The equation is quickly complicated in the U.S. because of our complex and established communications infrastructure. In many ways, that complexity has stunted growth in mobile banking and payments. In developing parts of the world, such as Africa, telecom technology has leap-frogged, meaning the wireless infrastructure is much more reliable than any wired or land-line communication. That leap-frogging has set the stage for advanced growth in things like mobile banking and payments.
We're sometimes slow to embrace change in the United States. Security is always a concern. But the tipping point is here, and mobile enhancements in the financial arena are taking off more quickly than regulators can manage. The reason the channel is growing so rapidly is the same reason it raises security concerns -- too many players, many of which fall outside the realm of financial oversight.
Donald Saxinger, section chief of information technology for the Federal Deposit Insurance Corp. and an FDIC representative on the Federal Financial Institutions Examination Council, says wireless carriers and mobile platform providers like BlackBerry don't have to meet e-commerce standards set by Regulation E. And because financial institutions have little control over how these additional entities manage and secure the information they send, receive and store, we could all be in for a rude awakening.
And what if those additional entities, like the wireless carriers or the mobile network operators, decide they do want a piece of the payments action? Competition between those operators and banking institutions themselves could soon be an issue, Saxinger says -- an issue that opens even more vulnerabilities if wireless carriers and network operators are able to branch off on their own financial services trails.
"Who's going to enforce consumer protection rules when it's the mobile network operator that's doing mobile payments?" Saxinger asks. "If it doesn't go through the bank, it might not be the banking regulators who have the first say."
That's a question with which Anne Wallace, head of the Identity Theft Assistance Center, takes great issue. "Someone needs to be looking at this before it gets much bigger," she says.
Some headway is being made, and just in time for National Cyber Security Awareness Month, two organizations have put mobile banking and payments on their agendas for October. Next month, BITS, a division of The Financial Services Roundtable, will host a forum dedicated to the emerging mobile channel. Consumer privacy and security are expected to be the focus of the two-day event. And then there's the Retail Payments Risk Forum, which is overseen by the Federal Reserve Bank of Atlanta and led by Fed Reserve executive Richard Oliver.
The Retail Payments Risk Forum, which was founded in 2008 with the mission of bringing together diverse and oftentimes disparate parties that share common interests in attacking fraud and risk related to emerging payments systems, is collaborating with various banking groups to specifically address mobile security. On Oct. 6, the forum is hosting a risk and fraud in retail payments conference.
The U.S. banking industry is making an effort to address the many challenges surrounding security and consumer privacy in the mobile arena. I just hope the financial institutions that have jumped ahead don't get stung with new guidance that makes them back-track in advancement.