Earlier this summer, Citigroup Inc. announced that they had discovered a security flaw in their mobile banking application for iPhone. The flaw caused user’s data to be saved directly onto the phone in a hidden file, and was fixed with an update release. They notified more than 110,000 affected users, pointing out specifically that this was not a breach of data – according to their statement, “we have no reason to believe that our customers’ personal information has been accessed or used inappropriately by anyone; i.e., there has been no data breach.”

Regardless of their assessment, this incident should be a wake-up call to financial institutions hoping to implement mobile financial services (MFS). Security is a main concern to mobile banking users – according to a 2010 survey by audit, tax and advisory firm KPMG LLP, some 54 percent of consumers surveyed said they were very concerned about security when using a mobile device. Although this percentage is actually down from their 2008 survey, it is still an indication that security is a top of mind issue.

The Citigroup incident is considered to be one of only a handful of known security events concerning MFS in the US, but there will surely be more. In light of the recession and the difficulties faced by the financial services industry, MFS is currently eyed as a potential area of growth that can attract new customers and build current customer loyalty. And yet, MFS is growing in the US at a much slower pace than in other parts of the world, such as Africa, India, or China. The success of online personal banking services has also served to limit interest in implementing mobile services.

Now is the time to take control of this issue, and meet security challenges head on. Success really does depend, at least in part, on communicating security efforts to consumers, as well as educating them on ways to keep their information safe. If the KPMG survey is any indication, education is half the battle– nearly half the US respondents indicated they didn’t even know if their bank offered any sort of mobile service. Taking a holistic approach now by incorporating fraud prevention tools and access controls and establishing clear and simple disclosure statements will go a long way toward mitigating future risk.

By Jeremiah Miller
Director of Operations, Investigation and Restoration Center, Kroll Fraud Solutions

Tags: Citigroup, KPMG survey, MFS, mobile banking, mobile financial security, mobile security flaw

Categories: Data Security Issues.