New channels mean an added avenue for hackers to reach victims. There will definitely be attempts, both directly through the mobile platform or the software, and along classical means such as phishing attempts or scams with faked mobile versions of banking websites.
Another area of vulnerability is phone theft. If people choose not to secure their phones with passwords, they could be opening themselves up to instant plundering of their bank accounts when their phone is stolen. Companies should invest in measures like a remote wiping service if a corporate phone is stolen.
How can banks and retailers allay customers' fears that it is safe to use plastic money or do mobile banking?
They should ensure they are secure in multiple ways. What reassures a customer most is knowing that the financial institution has the proper tools and is doing everything it can to protect them. This can be achieved by contacting them when a potentially unusual activity is made on their account. This shows that the bank or retailer is monitoring and flagging unusual activity and is able to stop suspicious activity from going any further.
FICO's analytic offerings can detect suspicious activity in real-time and also detect fraud earlier, with fewer false positives (saying there is fraud when there is not).
Companies also have to practise good data management. Ensuring that data is protected through different types of computer security; enforcing data confidentiality guidelines at the office; educating customers about unsafe data practices; and monitoring computer systems to check for suspicious activity are some ways to ensure that the data remains safe.
What should a company do after a breach has happened?
If you do suffer a breach, the first thing to do is to halt the damage by ensuring that the vulnerability is addressed, so that no one else can take advantage of it. At the same time, the extent of the breach should be studied, and customers informed as soon as possible.
The nature of the theft will shape what the next steps are - banks may want to cancel credit cards and issue new ones, or users may be requested to change their passwords and look out for suspicious activity on their credit card statements. Next, invest in strengthening the system and investigating if there are other vulnerabilities to address. Finally, decide what form compensation will need to take.
Be aware that your competitors are likely to benefit if existing customers decide that they cannot trust you anymore. Work on your strengths while announcing what new measures you are taking to ensure that customer data is going to be more secure in the future.
Anything else you would like to add?