Rajesh Jayaraman, CTO of Andera and veteran financial technology developer, discusses the key security concerns raised by the use of mobile devices in retail banking, and what you can do to address them. To hear the audio please visit this link: http://www.andera.com/resources/videos.aspx?altTemplate=ResourceDetail&nId=/videos/best-practices/what-you-need-to-know-about-mobile-banking-security.aspx

1. What You Need To Know About
Mobile Banking Security
1

2. What You Need To Know About
Mobile Banking Security
Rajesh Jayaraman
CTO

3. Hello!
We’re glad you’re here! We’ll start soon. A video of this presentation will be sent
to you next week. Email questions to: info@andera.com
How Credit Unions Can Engage the Youth Market
While you’re waiting, register for Wed, Nov 28, 2012 2:00-3:00 PM EST
our next webinar: http://bit.ly/EngageYouth
3 With Tim McAlpine, President of Currency Marketing
& Laurie McLachlan, VP Marketing at Andera

4. Our Mission
To simplify deposit account opening and loan
origination across all banking channels for
customers or members and the employees who
serve them

5. Our History
550
o Opened the first deposit account online for 508 520
Bank Rhode Island in 2004
443
o Industry leader with 550+ financial
institution customers 379
358
o In 2011, acquired oFlows
platform, a four-time Finovate Best
of Show winner for 260
232
mobile, multichannel user
193
experience
143
111
82
58
23 37
2 10
2
2
2
2
2
2
2
2
2

6. Our Clients

7. Our Integrations
Platform
Features
Product

8. Our Product: Andera oFlows
oFlows
Solution oFlows
Online Branch
Deposits
Forms Deposits Forms
Loans Loans
Product

9. Mobile Is Here and It’s Real
3000
3000
Global Installed Base By Device
2500
2500
2000
2000
1500
1500
1000
1000
Data Source: Mary
500
500
Meeker’s 2012 “State of
the Internet” Report
0 0
2009 2010 2011 2012E 2013E 2014E 2015E

10. Mobile for Customer Acquisition
Data Source: Andera

11. Security Is a Barrier to Adoption
How would you currently rate the overall security of mobile
60.0%
banking for protecting your personal information?
50.0%
Total
40.0%
Users
30.0% Non Users
20.0%
Data Source:
Federal Reserve
10.0% Board Mobile
Financial Services
Survey 2012
0.0%
Very Safe Somewhat Safe
Somewhat Unsafe
Very Unsafe Don’t know

12. The Nature of
Mobile Threats
A computer in every pocket
changes the nature of threats:
 Devices can be
stolen or lost
 Work and personal
devices are co-mingled
 Small screen means
security cues are more
subtle

13. The Nature of
Mobile Threats
Many threats are the same:
 Phishing or Social
Engineering
 Malware
 Man in the Middle or Man
in the Browser
 Good Old-fashioned Fraud

14. DO: Implement All Web Security Measures
o Mobile banking sits on top of online banking
infrastructure
o All network and server-side protections remain
relevant:
 Perimeter
 Network
 Servers
 Application
 Data

15. DON’T: Trust the Mobile Device
o Devices can be compromised, stolen, jail-
broken, infected or impersonated
o Treat all information that comes from the device
as suspect and validate
o If you rely on the device for any security, ensure
that you repeat those steps on the server as well
o Storing any sensitive information on the
device, even encrypted, is a bad idea

16. DO: Encrypt All Communications
o Untrusted and impersonated Wi-fi networks are
everywhere
o Cellular networks do not offer any security
guarantees
o If you use a native app,
 Ensure that server certificate is not spoofed
 Ensure that the app communicates with only your
server
o If you use the mobile web, always use HTTPS
 And disable unencrypted access to your application

17. DO: Use Capabilities to Enhance Security
o Smart devices have a variety of features that can
enhance your security and compliance:
 GPS
 Device geo-location better than IP geo-location
 Camera
 Document uploads
 Video could be more secure than phone in your call center
channel
 NFC, QR Codes etc.
o Caution: Use all these features, but don’t trust them

18. Native Apps vs. Mobile Web

19. Native Apps Mobile Web
 Access advanced device  Get advance capabilities
capabilities sooner than last – still no camera
Mobile web access from browser in
 Complex attack surfaces iOS!
(device  Rich body of knowledge
compromise, spoofed on building and running
apps in app store etc.) secure web applications
 Getting it right is hard
Choose wisely!

20. Mobile @ Andera
Andera is leading the trend to introduce mobile devices
into the origination process. Sign documents on the
touchscreen, capture supporting documents with the
camera, all from the branch or from home. An otherwise
complex process converges down to a single device.
Most importantly, users absolutely love the experience.

21. Questions & Wrap Up
Thanks for Listening. A video of this presentation will be sent to you next week.
Email questions to: info@andera.com. Check out what’s up next:
oFlows Demo for Symitar Clients How Credit Unions Can Engage the Youth Market
Mon, Nov 19, 2012 1:00-2:00 PM EST Wed, Nov 28, 2012 2:00-3:00 PM EST
http://bit.ly/SymitarDemo http://bit.ly/EngageYouth
oFlows Demo for Ultradata Clients With Tim McAlpine, President of Currency
Mon, Nov 19, 2012 2:30-3:30 PM EST Marketing & Laurie McLachlan, VP Marketing at
Andera
21 http://bit.ly/UltradataDemo