New IBM system adds “robust” security to smartphone banking and shopping

Cybercriminals are already targeting mobile banking apps as a “way in” to customer accounts – as witnessed in ESET’s discovery of a new, advanced Trojan, Hesperbot.

But a new IBM system may help secure smartphones – by using near-field communications chips (NFC) for an additional layer of security.

It’s the first system to allow “two-factor” security for smartphones, according to a CNET report.

“When you use your phone to access the service, the phone is no longer the second factor,” said Diego Ortiz-Yepes, a mobile security scientist at IBM Research.“Our two-factor authentication technology based on the Advanced Encryption Standard provides a robust security solution with no learning curve.”

“One billion mobile phone users will use their devices for banking purposes by 2017  – which  makes for an increasingly opportune target for hackers,” IBM said in a statement.

Many new smartphones ship with the chips, but payment systems using NFC – a radio system designed for short range communication – have failed to catch on, partially due to security concerrns. IBM claims its new system – which requires a card (such as a payment card or employee ID card) and an NFC device – is much more secure.

“The user simply holds the contactless smartcard next to the NFC reader of the mobile device and after keying in their personal identification number (PIN), a one-time code would be generated by the card and sent to the server by the mobile device,” the company says.

“The IBM technology is based on end-to-end encryption between the smartcard and the server using AES (Advanced Encryption Standard) scheme. Current technologies on the market require users to carry an additional device, such as a random password generator, which is less convenient and in some instances less secure.”

IBM scientists in Zurich claim that the system has the advantage of familiarity – many users already use two-factor authentication, for instance to log in to a corporate network.

The system is available from today for any  NFC-enabled Android 4.0 device. Future updates will add other NFC-equipped devices.

Financial watchdogs have warned this year that the increasing use of banking apps – often on unprotected smartphones poses an “important risk” to consumers .
The Financial Conduct Authority, a British watchdog is to investigate the risks posed by banking apps, according to a report by This is Money – particularly malicious apps that pose as genuine banking apps.

An ESET guide to new tricks used by cybercriminals – including fake bank apps – can be found here.

Author , We Live Security

Follow us

Copyright © 2017 ESET, All Rights Reserved.