Guest View: Is mobile banking in Malaysia trading security for convenience?

Josephine Hoh

Josephine Hoh - Symantec Malaysia modified 

Photo - Josephine Hoh, Country Director, Symantec Malaysia.


The world is going mobile. Smartphones and other mobile devices allow us to stay well-connected and better informed, facilitating our lives in many ways.  Globally, millions of consumers are already using a wide array of mobile devices to conduct their daily financial transactions.

According to Bank Negara Malaysia, the use of electronic payments in Malaysia has increased at an average annual growth of 23.4 percent over the last decade.  In 2012, Malaysian households and businesses performed more than 300 million financial transactions with a value close to RM15 trillion [US$4.49 trillion] online channels. These comprise mainly funds transfers, bill payments, top-up for prepaid cards, purchases of phone cards and payments for investments in the capital market. Among the electronic channels, Internet banking is the most popular.

With the proliferation of mobile devices at 142 percent penetration in Malaysia, it is not surprising that mobile banking enjoys a healthy adoption, with about 3.25 million subscribers. However, mobile banking is not without its challenges.

In line with the growing importance of mobile computing platforms in online transactions, security will have to shift from eCommerce to mCommerce. Cybercriminals motivated by financial reward are increasingly using advanced Trojans to commit large scale financial fraud, targeting institutions worldwide. These modern banking Trojans are extremely flexible, supporting a range of functionalities designed to facilitate fraudulent transactions across a wide variety of services.

Cybercriminals are also entering new markets, expanding operations and seeking out new targets in regions including the Middle East, Africa and Asia. Protective measures need to be taken to ensure adequate security mechanisms are in place to address this issue.

In Malaysia, banks and financial institutions are continuously striving to secure their customer data in the face of growing volumes of data and proliferation of endpoints and mobile devices. Adding to the complexity is the growing number of data breaches from a sophisticated underground economy targeting credit cards, bank account credentials, and other confidential data.

While the advancement in technology and innovation has resulted in greater consumer convenience and enhanced efficiency; it has also created new methods of perpetrating fraud that could be executed faster and with greater reach. This expanded reach is facilitated by an underground financial fraud economy.  In recent years, this underground financial fraud community has swiftly 'morphed' into a service industry with an increasingly organised and localised distribution channels trading bots and intelligent configurations.

Having said all this, the end user is usually the weakest link during an online transaction. Even the strongest technologies are susceptible to social engineering attacks. Institutions need to be open about their security risks and continue to educate their customers about the security issues they encounter.

Key challenges of the banking industry today

Banks are in an enviable and yet challenging position. On one hand, banks can now connect and engage with their customers in new and compelling ways. On the other hand, mobile devices introduce new cyber threats and challenging regulatory issues.

Banks are highly trusted to handle personal financial management. They hold customers' financial accounts and are established issuers of payment cards and other instruments. Unfortunately, the banks' legacy payment systems may present some major challenges in adapting to the fast pace of developments in mobile phones and services. Issues such as time to market, speed of execution, new security and authentication schemes will need to be addressed; as well as gaining a solid understanding of the business opportunities offered by mobile devices.

The recent growth in cloud-based services and applications has also fuelled the proliferation of mobile devices. This is extremely beneficial to bank customers as information is available from a single source, simplifying collaboration and control. Cloud services can offer agility, cost efficiency and predictability, and extend the capabilities of mobile technology. However, cloud computing makes it harder for companies to erect an impermeable boundary around their business; track and control how data is stored, managed, transferred and used.

Symantec's 2012 State of Mobility Report showed that organisations rate mobility highest among IT initiatives in risk. Globally, businesses are losing a significant amount of money to incidents relating to mobile devices - as much as US$429,000 annually in the case of large enterprises. Despite these losses, organisations feel the risks are worth the benefits and they are working to implement security measures to rein in costs and protect corporate information.

Mobility and security

As more users adopt mobile banking in place of conventional in-branch or over-the-phone banking, ensuring the user feels secure is paramount. But the tough question is how many security layers do we need to be certain that there isn't a Trojan or malicious code trying to access our confidential data? There are many ways to deal with this. Most importantly, we cannot lose sight of the user and must strive to provide a user experience that is so compelling, easy and above all, convenient.

Banks need to consider solutions across the security sub-segments that secure endpoints, provide protection for the corporate network, and protect data as it moves over wireless or mobile networks. Mobile security and device management should form the foundation of an enterprise mobility strategy. To ensure a successful, secure enterprise mobility roll out, end user education is essential.

Financial institutions today must provide enterprise mobility solutions that embrace employee needs, automate and refine risk management, implement future-proof solutions and invest in mobile customer services to achieve competitive advantage and customer satisfaction. The ability to offer client security on top of the bank's security solutions for access adds a layer of protection to banking services. This will become increasingly important as the mobile wallets and payments trend grows.

- Josephine Hoh is the Country Director of Symantec Malaysia. She leads the team in the country to drive growth and initiatives in developing new business opportunities.