
Graduate School of Business

Faculty of Business & Accountancy

CMGB6102 Management Information Systems

[Mini project report]

How to solve fraud issues in Mobile Banking

Semester 1, 2010/2011

(Evening Class on Tuesday)

CGA090055

CGA090085

CGA100015

CGA100045


Table of Contents

Abstract
1. Introduction
   1.1 Definition
   1.2 Mobile Banking History
2. Literature Review
   2.1 Mobile Banking
   2.2 Fraud concerns associated to Mobile Banking
   2.3 Peculiarity of Mobile banking
   2.4 Customer Protection discussed up to date
      2.4.1 Security in Mobile Banking
      2.4.2 Regulation and Guideline of Security
      2.4.3 Authentication
      2.4.4 Integrity
      2.4.5 Customer awareness and perception
3. Challenges
   3.1 Challenges
   3.2 Security
   3.3 Handphone Operability
   3.4 Scalability and Reliability
   3.5 Application Distribution
   3.6 Natural Limitations
4. Discussions
5. Conclusions
6. Recommendations
References


Abstract

Mobile banking is now spreading fast across the world, in both developed and developing countries. The main purpose of this research is to identify the fraud and risk concerns associated with mobile banking, the customer protections and ways to address those concerns, and the different types of mobile banking services. It also discusses Malaysia's mobile banking and the role of mobile operators in the mobile banking world. This report was compiled on the basis of published reports from various sources listed in the references. The results of the study show that the use of mobile phones for mobile financial services is relatively new in Malaysia. Our findings should be of interest to mobile financial service providers, whether banks or non-banks, who are considering introducing mobile financial services, and to financial regulators who are increasingly interested in the risks of mobile banking and the extent to which providers understand and manage these risks. This study hopes to give them an idea of the concerns and risks involved in implementing mobile banking projects. Furthermore, this paper may serve as a guide for managers in the telecommunication and banking industries, and for government agencies, on possible threats in undertaking mobile banking projects. This paper faced a time limitation, as more time would be needed for a detailed and thorough study.


1. Introduction

1.1 Definition

Mobile banking is a new facility in the banking sector which allows customers to perform banking actions on their cell phone or other mobile device. This new method of banking, also known as M-banking and SMS banking, is popular and frequently used by customers because it fits a busy and technologically oriented lifestyle. Mobile banking is meant to be easier and more convenient for the consumer than having to physically go to the bank, log on from a home computer, or make a phone call. Through this facility, customers can log into their account from a cell phone and then carry out transactions such as making payments, checking balances, transferring money between accounts, notifying the bank of a lost or stolen credit card, stopping payment on a check, receiving a new PIN, viewing a monthly statement and many more.

However, the amount of banking customers are able to do on their cell phone varies depending on the banking institution they use. Some banks offer only basic mobile banking activities such as text alerts, which are messages sent to the cell phone that alert customers to activity on their account such as deposits, withdrawals, and ATM or credit card use. Below are the popular transactions that can be performed through a mobile phone, divided into two categories: account information; and payments, deposits, withdrawals and transfers.

Account information

• Mini-statements and checking of account history
• Alerts on account activity or passing of set thresholds
• Monitoring of term deposits
• Access to loan statements
• Access to card statements
• Mutual funds / equity statements
• Insurance policy management
• Pension plan management
• Status on cheque, stop payment on cheque
• Ordering cheque books
• Balance checking in the account
• Recent transactions
• Due date of payment (functionality for stop, change and deleting of payments)
• PIN provision, Change of PIN and reminder over the Internet
• Blocking of (lost, stolen) cards

Payments, Deposits, Withdrawals and transfers

• Domestic and international fund transfers
• Micro-payment handling
• Mobile recharging
• Commercial payment processing
• Bill payment processing
• Peer to peer payments
• Withdrawal at banking agent
• Deposit at banking agent


1.2 Mobile Banking History

In the past 30 years, financial institutions have been on a quest to satisfy their customers' need for more convenience. First to come onto the market was the Automated Teller Machine (ATM), which New York's Chemical Bank introduced to the American public in 1969. It did little more than dispense cash at first but, as the banking sector evolved, the ATM now provides a full suite of financial transactions.

In the mid-1990s, internet banking was introduced, which enabled consumers to access their financial accounts using a home computer with an Internet connection. However, this new banking facility has some serious limitations. Not all households have a computer, and some have a computer without internet access, which makes internet banking impossible for them. The biggest issue is mobility: it is impossible for consumers to stay connected in virtually any location on the planet.

The first mobile banking and payment initiatives were announced during 1999 by a company named Paybox in Germany. The facility has evolved over time and is now used by millions of people around the globe. Suited to a lifestyle in which most people have a mobile phone, this technology also offers a variety of transactions, so that banking activities can be performed anywhere and at any time.


2. Literature Review

2.1 Mobile Banking

Mobile banking refers to the ability to access and execute banking and financial services through the use of mobile devices. The financial services offered include administration revolving around an account, access to customised information, and the execution of banking and stock market transactions (Tiwari and Buse, 2007).

Mobile banking is a newly emerging sector of mobile financial services that utilises mobile telecommunication technologies. Mobile financial services can be divided into mobile payment and mobile banking. The border between the two domains is drawn by determining whether a banking activity or a mere mobile payment is concerned (Rolf H. and Aline, 2010).

According to Rolf H. and Aline (2010), mobile payment has expanded widely and quickly in industrialised countries up to now. Mobile payment typically involves a variety of financial services providers fulfilling an intermediary function between demand and supply in order to facilitate the purchase of products or services with the help of mobile devices.

In contrast, mobile banking is growing now and is regulated more strictly than mobile payment, because mobile banking services mean that the transactions are always associated with a traditional banking activity (Rolf H. and Aline, 2010). Providers of mobile banking services are regarded as credit institutions and are required to obtain authorisation before starting their activities (Directive 2006/48/EC).


At the same time, the issuance of electronic money needs to be treated differently, because it does not automatically correspond to a banking activity (Rolf H. and Aline, 2010).

Mobile banking has gained popularity all over the world since the year 2000, with customers willing to pay extra for the use of mobile banking services (Tiwari and Buse, 2006). Tiwari and Buse (2007) also gave the example of South Korea, where the demand for mobile banking (or the number of registered users) rose by 108% from 2004 to 2005. At the same time, the number of mobile banking transactions increased by 104% from 2004 to 2005, with daily average transactions of 287 in 2005 (Korea Times, 2006).

The increasing demand for mobile banking worldwide is driven mainly by the following factors (Tiwari, 2006):

• The number of mobile phone users has increased tremendously, to an all-time high penetration.

• Globalisation has led to the need for mobility; hence, mobile services are no longer a luxury. Mobile services are now necessary for many people.

• The younger generations have been taught to use the internet at a young age, and these children seem to be attracted by modern technology and telecommunication services.

• Mobile communication devices have advanced technologically to become a powerful tool when combined with faster data transmission following the launch of new standards, such as the Universal Mobile Telecommunications System.


In the context of business opportunities, the broader usage of mobile telecommunication has motivated banks as well as non-banks to develop new payment services for their customers. The banking industry is motivated not primarily by the opportunity for new profits from mobile financial services, but rather by managing its image as an innovative bank (Rolf H. and Aline, 2010).

Mobile banking services may be categorised into the following (Georgi and Pinkl, 2005; Rolf H. and Aline, 2010):

1) Mobile Accounting

2) Mobile Brokerage

3) Mobile Financial Information

Mobile Accounting

Georgi and Pinkl (2005) defined Mobile Accounting as “transaction-based banking

services that revolve around a standard bank account and are conducted and/or availed by

mobile devices” (p. 57) (Rolf H. and Aline, 2010). Mobile Accounting can be categorised

into two groups.

The first group is called Account Operation, which involves monetary transaction activities. This includes using mobile banking services to remit money, such as paying bills and transferring money; issuing standard instructions for recurring bill payments such as monthly rent or telephone bills; transferring funds to and from sub-accounts, such as from a savings account to a current account; and subscribing to insurance policies, such as purchasing a travel insurance policy at short notice.


The second group is called Account Administration, which refers to users using mobile banking services to maintain their own account. This includes administrative matters such as changing the PIN; changing operative accounts, for example creating sub-accounts that allow users to utilise funds in a particular account without affecting the default account; blocking lost debit and credit cards regardless of the user's location; and cheque book requests.

Mobile Brokerage

Users can operate mobile banking facilities for intermediary services related to their securities account (Georgi and Pinkl, 2005, p. 57; Rolf H. and Aline, 2010). The main services are the selling and buying of shares, bonds, funds, derivatives (such as futures, swaps, etc.) and foreign exchange. Mobile brokerage can be categorised into two groups.

The first group of mobile brokerage is called Account Operation. Account operation means that users use mobile brokerage to buy and sell financial instruments. This includes buying securities, stocks and other financial instruments.

The second group is called Account Administration. The mobile banking services allow users to administer or manage an account, for example by changing the PIN. They also allow users to manage their order books, for example by changing a stock purchase instruction or placing new standing orders to buy or sell a particular stock when its price reaches a specified value.


Mobile Financial Information

Mobile Financial Information refers to non-transaction based banking services (Georgi

and Pinkl, 2005, p. 57; Rolf H. and Aline, 2010). This can also be categorised into two

groups.

The first group is called Account Information. Here, users can access their accounts to check their account balances, request a list of the latest transactions performed, generate a statement for a given period, receive an SMS alert from the bank whenever transactions exceeding a certain amount are made on the account, receive an SMS alert from the bank when specified stocks fall or jump to a predefined value, receive notification if a cheque received has not been honoured, find the nearest ATM or bank branch, and receive the latest product offers from the bank.

The second group is called Market Information. The information here is not directly related to the user's account. The request is customised according to the user's needs and preferences, and the information is sent to the user's mobile phone. Examples of market information are requests for foreign exchange rates, interest rates, mortgage rates, stock market news and commodity prices.

2.2 Fraud concerns associated to Mobile Banking

Mobile banking has developed new opportunities for consumers and criminals alike, and

some of the greatest vulnerabilities can be derived from the same factors that make

banking by mobile device so attractive (Rapport, 2010).


Moreover, it is notable that the logical process and business concept of mobile banking follow those of internet banking; mobile banking only adds the wireless space (Digital Times, 2009). Hence, mobile banking is exposed to all the fraud of internet banking and to a variety of web-based fraud. Likewise, any review of fraud in internet banking and of web-based scams applies equally to mobile banking, because the mobile device offers almost the same financial functions.

Fraud is a million dollar business and it is increasing each year. The PwC global economic survey 2007 suggests that almost 50% of companies worldwide reported having fallen victim to fraud in the past two years.

Fraud involves one or more people who intentionally act in secret to deprive someone else of something of value, for their own advantage. Fraud can take unlimited forms. In recent years, advances in technology and information systems have given unscrupulous people more ways to commit fraud (Bolton and Hand, 2002). Traditional methods of data analysis have long been used as a way to detect fraud. These methods require detailed investigation and analysis of financial, economic, legal and corporate practices. Although frauds may be similar in content and appearance, each fraud committed is usually not identical to the others (Palshikar, 2002). The first industries that attempted to detect and prevent fraud were the telephone companies, the insurance companies and the banks (Decker, 1998). One successful example is the data analysis technique called the Falcon fraud assessment system developed by the banks, based on a neural network shell (Brachman et al., 1996).

Today's financial fraud has many faces. It can involve credit card fraud, real estate fraud, money laundering, deceptive telemarketing, etc. Specifically related to mobile banking, Tom Vander and Annelies (2006) described the cloning of SIM cards in terms of criminal activities. The cloning of SIM cards in order to use a particular person's mobile phone for criminal purposes happens quite often. SIM cards hold the information banks require to identify the unique customer.

According to a McAfee report, online business in the United States recorded losses worth US$4bil due to fraud in 2008. The following are the types of fraud (McAfee):

1) Identity theft

A person's identity in the real world is protected by law. In the virtual world, the outline of a person's identity is less clear. Some digital data tied to an individual's identity (such as his user name, password and account number) can provide access to his personal data. A workstation is the target spot for cyber criminals.


2) Carding and skimming

Many carding sites can easily be found on the internet, where people buy or sell access to bank accounts, stolen card numbers, dumps from magnetic strips and even entire personal profiles.

3) Phishing or pharming

Phishing is done by obtaining confidential information from a user by posing as a trusted authority. This is usually done using a cleverly deceptive email through which the criminal redirects users to a mirror site. Victims, believing that they are browsing legitimate sites, continue to enter their personal information, not realising that the bank emails are fraudulent. According to the RSA report (2009), the state of phishing fraud is as follows:

Figure 1: Phishing attacks per month

Figure 2: Top ten countries hosting phishing attacks


4) Crimeware

These crimes include password stealers and keyloggers, which log keystrokes, take screen captures, and sell all data to the collector sites. Crimeware is often associated with rootkits, stealth programs that enable crimeware to be completely hidden from many security tools.

5) Money Laundering

The traditional money laundering activities include electronic funds transfer, fictitious companies with foreign banks, cash smuggling, bank fraud and informal money exchange brokers. Modern-day money laundering includes mules and virtual casinos. Mules are individuals recruited over the Internet who serve as intermediaries for recovering cash from funds that were illegally acquired through phishing, keylogging and other scams. For each transaction, the mule deducts between five and ten percent of the committed amount and forwards the balance via an anonymous transfer service, such as WebMoney, e-gold or Western Union. Virtual casinos are online gambling sites which operate without a license. According to a McAfee report, of around 15,000 active online gambling sites in 2006, only 1,766 were operating with a license. This means that more than 87% of the online gambling sites are illegal.

6) Pump and dump

This is the manipulation of low-priced (penny) stock, usually from unattractive companies. After purchasing a large number of shares at a low price, the manipulator uses spam techniques to send out enthusiastic messages that artificially inflate the stock price. Several days later, after the stock price has risen in the market, the spammer dumps the stock and reaps a nice profit.

7) Auctions

Auction fraud is one of the biggest concerns among authorities. It was found on eBay, Amazon.com and Overstock.com, where users never received the goods they bid and paid for, or the goods that arrived were not in usable condition.

According to the RSA report 2009, fraud is a non-stop threat to individuals and organizations around the globe, and cyber criminals have increased at a more accelerated pace. In fact, fraudsters continuously develop their technology, carry out increasingly sophisticated attacks, and deceive online users into falling for scams. Global conditions, such as the economy and vulnerability in financial markets, also seem to have an impact on the evolution of cybercrime.

The RSA report 2009 suggested that new fraud technologies such as the following are already prevalent:

1) The Use of Fast-Flux Botnets

RSA has seen the creation of several sophisticated fast-flux network hosting services which were both launched by fraudsters and offered for a fee to other online criminals. Online criminals have been observed using these fast-flux networks to launch phishing and other malicious content such as money mule recruitment sites. Fast-flux is an advanced Domain Name System (DNS) technique that recruits a network of compromised computers to deliver and host phishing and malware websites. The compromised computers act as an agent, or middleman, between the target and the website. It is difficult to uncover and shut down fast-flux networks because the malicious content servers hosting the phishing and malware websites are hidden behind a cloud of compromised machines whose addresses change very quickly in order to avoid detection.

2) Money Muling

Money mule recruitment networks and "mule herders" (managers who control the network of mules) form a professional fraud cash-out service that operates within the fraud underground. In 2008, RSA observed a number of mule recruitment scams delivered via spam attacks that advertised supposed jobs conducting money transfers. Websites lured people to apply for a job described as a "money transfer agent" or "regional manager." This is the part of the fraud supply chain where innocent people who are not fraudsters can be recruited to become part of the fraudsters' money laundering. Mules transfer cash that originates from compromised bank accounts from one criminal account to another. A mule receives a small percentage as a reward, depending on the amount of money laundered.

Figure 3: Correspondence between an online criminal and a potential mule

Source: RSA Online Fraud Report May 2009


3) The Consolidation of "Traditional" Phishing and Malware Attacks

In April 2008, RSA uncovered a new two-fold technique that combined classic phishing with malware. The Rock Phish group pioneered this double-vector attack, using both phishing sites and the Zeus Trojan, software that snoops information, to attack and infect online users. Upon receiving the fraudulent correspondence, victims of these attacks were directed to phony websites created by fraudsters to solicit personal information. Concurrently, the Zeus Trojan infected their computers. As a result, even if the legitimate Internet user did not fall for the phishing scam and divulge personal details on the website, the Trojan would later steal information that was transmitted while the victim interacted with other websites.
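The fast-flux behaviour described under item 1 above (one hostname answered by many compromised machines whose addresses change very quickly) is what defenders look for in DNS logs. The following Python is an added example, not taken from the RSA report or from the original paper; the thresholds, the /16 grouping used in place of an ASN lookup, and the sample DNS answers are constructed assumptions.

```python
from collections import defaultdict
from ipaddress import ip_address

# Illustrative thresholds (assumptions, to be tuned on real resolver logs).
MAX_TTL = 300         # flux records are served with short TTLs
MIN_DISTINCT_IPS = 8  # many different hosts answer for one name
MIN_NETWORKS = 4      # and they sit in unrelated networks
MIN_CHURN = 0.5       # share of addresses that are new in each answer

# Constructed passive-DNS observations: (seconds, name, ttl, A records).
SAMPLE = [
    (0,    "flux.example.test", 120, ("10.1.2.3", "10.44.7.9", "10.87.0.12")),
    (180,  "flux.example.test", 120, ("10.120.5.5", "10.9.30.1", "10.200.14.8")),
    (360,  "flux.example.test", 120, ("10.33.3.3", "10.44.90.2", "10.150.6.6")),
    (540,  "flux.example.test", 120, ("10.71.8.8", "10.1.99.4", "10.220.1.1")),
    # CDN-like name: short TTL and rotating addresses, but one network only.
    (0,    "cdn.example.test", 60, ("198.51.100.1", "198.51.100.2", "198.51.100.3")),
    (60,   "cdn.example.test", 60, ("198.51.100.4", "198.51.100.5", "198.51.100.6")),
    (120,  "cdn.example.test", 60, ("198.51.100.7", "198.51.100.8", "198.51.100.9")),
    (180,  "cdn.example.test", 60, ("198.51.100.1", "198.51.100.5", "198.51.100.9")),
    # Ordinary site: long TTL, stable addresses.
    (0,    "bank.example.test", 3600, ("192.0.2.10", "192.0.2.11")),
    (3600, "bank.example.test", 3600, ("192.0.2.10", "192.0.2.11")),
]


def network_of(ip):
    """Coarse IPv4 /16 bucket, a stand-in for an ASN lookup (assumption)."""
    first, second = ip_address(ip).packed[:2]
    return f"{first}.{second}"


def profile(observations):
    """Summarise the A-record behaviour of each name over the capture."""
    by_name = defaultdict(list)
    for _ts, name, ttl, ips in sorted(observations):
        if ips:  # ignore empty answers
            by_name[name].append((ttl, set(ips)))
    result = {}
    for name, answers in by_name.items():
        seen = set().union(*(ips for _, ips in answers))
        # Churn: fraction of each answer that was absent from the previous one.
        churn = [len(cur - prev) / len(cur)
                 for (_, prev), (_, cur) in zip(answers, answers[1:])]
        result[name] = {
            "distinct_ips": len(seen),
            "networks": len({network_of(ip) for ip in seen}),
            "max_ttl": max(ttl for ttl, _ in answers),
            "churn": sum(churn) / len(churn) if churn else 0.0,
        }
    return result


def is_fast_flux(p):
    """All four signals must agree; any single one also fits benign hosting."""
    return (p["max_ttl"] <= MAX_TTL
            and p["distinct_ips"] >= MIN_DISTINCT_IPS
            and p["networks"] >= MIN_NETWORKS
            and p["churn"] >= MIN_CHURN)


def flag_fast_flux(observations):
    return sorted(n for n, p in profile(observations).items() if is_fast_flux(p))


if __name__ == "__main__":
    for name, p in profile(SAMPLE).items():
        print(name, p, "FLAG" if is_fast_flux(p) else "ok")
```

The CDN-like name passes three of the four checks and is cleared only by the network-diversity test, which is why short TTLs or rotating addresses alone are not a reliable indicator.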

The volume of phishing attacks detected during 2008 increased by 66 percent over those detected throughout 2007. Even though awareness of fraud has been heightened among online users in developed countries, phishing remains popular among fraudsters because it takes very little effort, can reach a broad range of users, and does not require great technical expertise to set up.
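The mule pattern described in this section (funds arrive, the mule keeps five to ten percent and forwards the balance) can be turned into a monitoring rule on the bank side. This added example is not from the original report or from the RSA or McAfee material; the 48-hour window and the ledger rows are constructed assumptions, and it goes slightly beyond the text by also matching a balance that is forwarded in several transfers.

```python
from collections import defaultdict
from decimal import Decimal

KEEP_MIN = Decimal("0.05")  # commission range quoted in the text
KEEP_MAX = Decimal("0.10")
WINDOW_MIN = 48 * 60        # assumption: the balance is forwarded within 48 hours

# Constructed ledger rows: (minute, account, direction, amount).
LEDGER = [
    (0,    "A-1001", "in",  "2000.00"),
    (90,   "A-1001", "out", "1840.00"),  # forwards 92%, keeps 8%
    (0,    "A-1002", "in",  "5000.00"),
    (60,   "A-1002", "out", "2500.00"),
    (120,  "A-1002", "out", "2100.00"),  # split forward: 4600 in total, 92%
    (0,    "A-2001", "in",  "3000.00"),
    (600,  "A-2001", "out", "1200.00"),
    (1500, "A-2001", "out", "150.00"),   # ordinary spending
    (0,    "A-2002", "in",  "1000.00"),
    (30,   "A-2002", "out", "1000.00"),  # full pass-through, nothing kept
    (0,    "A-2003", "in",  "2000.00"),
    (7200, "A-2003", "out", "1850.00"),  # matching share, but five days later
]


def find_pass_through(ledger):
    """Return credits that were forwarded minus a 5-10% cut within the window."""
    by_acct = defaultdict(list)
    for minute, acct, direction, amount in sorted(ledger):
        by_acct[acct].append((minute, direction, Decimal(amount)))

    hits = []
    for acct, rows in by_acct.items():
        used = set()  # debits already attributed to an earlier credit
        for i, (t_in, direction, credit) in enumerate(rows):
            if direction != "in":
                continue
            low = credit * (1 - KEEP_MAX)    # least that would be forwarded
            high = credit * (1 - KEEP_MIN)   # most that would be forwarded
            total, picked = Decimal(0), []
            for j in range(i + 1, len(rows)):
                t_out, d, amt = rows[j]
                if t_out - t_in > WINDOW_MIN:
                    break
                if d != "out" or j in used:
                    continue
                total += amt
                picked.append(j)
                if total > high:             # more left than a mule would send
                    break
                if total >= low:
                    used.update(picked)
                    hits.append({
                        "account": acct,
                        "credit": credit,
                        "forwarded": total,
                        "kept_share": (credit - total) / credit,
                    })
                    break
    return hits


if __name__ == "__main__":
    for hit in find_pass_through(LEDGER):
        print(hit)
```

A hit is a lead for review rather than proof, since the text notes that mules are often recruited without knowing they are part of a fraud.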

2.3 Peculiarity of Mobile banking

This section looks at mobile banking more closely. Credit Union (July 2010) reported that while interest in mobile banking is growing, the monitoring of fraud is among the biggest challenges in payment or transfer processing. A live survey was also held during a recent client conference for Fundtech, Ltd in the U.S.A.:

• 39% of respondents will be deploying mobile business banking services within six to

12 months.


• 5.3% said fraud monitoring is their biggest challenge in payment processing.

• 23% think adding social networking to business banking is a "ridiculous idea."

• 10% said they have already deployed mobile business banking services.

• 57% of American banks are expected to offer a solution by the end of 2010.

• 26% of respondents said that there is strong interest in mobile business banking

services among their clients

According to the survey, quite a few businesses and banks plan to launch mobile banking services sooner or later. However, some of them are concerned about fraud monitoring; that is, the concern exists on the business side, not only among customers.

Turning to consumers, further concerns about mobile banking emerge, as follows:

From the above, 44% of respondents are concerned about identity theft or fraudulent activities and so have not used mobile banking.

Another concern is the loss of the mobile device. Mobile phones are small relative to a PC and are easily lost or stolen, taking their stored credentials and text messages with them (Rapport, M., 2010). Consumer education, as always, remains key too. “There are all kinds of wild cards out there: losing devices because they’re not stationary like your desktop PC, new kinds of malware finding multi-access security breaches, the fact that Bluetooth (the wireless connection between cell phone and earphone) is nonencrypted–even the uniquely mobile GPS channel, but my biggest concern remains the fact that consumers are less vigilant than they should be,” said former CEO Matt Lawlor.

Besides devices themselves being lost, stolen or hacked, mobile networks may also be vulnerable to interception, either by breaking the wireless encryption mechanism or by hacking into the wired backbone of the network, where encryption is not compulsory under telecommunications standards (Rapport, M., 2010).

2.4 Customer Protection discussed up to date

2.4.1 Security in Mobile Banking

As mobile banking is a viable business for financial services providers, banks need to ensure that customers' information is protected when they use their mobile devices to do their banking. The key criteria for ensuring customers' data security, as described by Mustafa et al. (2002, p. 356), are as follows:

• Confidentiality. Customer's data must be protected at all times against any unauthorised access.

• Authentication. Access to customer's data may be allowed only after the user's identity has been ascertained and authenticated.

• Integrity. Encryption techniques must be used to prevent fraud during transmission.

• Non-disputability. All transactions must be documented to allow customers to track the transactions executed. This also enables customers to report any discrepancies to the bank. It is very important because this documentation may be required by a court of law in the event of a dispute between customer and bank.

2.4.2 Regulation and Guideline of Security

Rolf H. and Aline (2010) stated that the duty of banks relating to data protection and security includes two salient requirements. On the one hand, banks are not allowed to disclose customer data to third parties. On the other hand, data security implies that banks must keep unauthorised persons from misusing their customers' information. Banks offering mobile banking must protect customers from the threat of malware on mobile devices. Data security contributes to the protection of bank customers in terms of personal wealth and information. The common regulations on data protection apply to financial services providers when a mobile device is used to undertake banking transactions.

As an example of such regulations, the UK brought into effect the 'Privacy and Electronic Communication (EC Directive) regulations 2003', reflecting the European Communities' data protection and privacy regulation of 2003, under which personal data includes such data as mailing lists of named individuals, cookies containing personal data, etc. The Regulations also govern problems of security, the confidentiality of electronic communications, and the collection, retention and processing of traffic, location and billing data (Kwang Jin et al., 2007).


At the same time, the OECD proposed the Guidelines Governing the Protection of Privacy and Transborder Flows of Personal Data in the context of international standardization. However, it is true that the regulations of OECD members themselves fall short of the OECD guidelines.

Figure 4: Principles of Privacy and Personal Data Protection

Collection limitation: There should be limits to the collection of personal data and any such data should be obtained by lawful and fair means and, where appropriate, with the knowledge or consent of the data subject.

Data quality: Personal data should be relevant to the purposes for which they are to be used and, to the extent necessary for those purposes, should be accurate, complete and kept up-to-date.

Purpose specification: The purposes for which personal data are collected should be specified not later than at the time of data collection and the subsequent use limited to the fulfilment of those purposes or such others as are not incompatible with those purposes and as are specified on each occasion of change of purpose.

Use limitation: Personal data should not be disclosed, made available or otherwise used for purposes other than those specified in accordance with Paragraph 9 except:
a) with the consent of the data subject; or
b) by the authority of law.

Security safeguards: Personal data should be protected by reasonable security safeguards against such risks as loss or unauthorised access, destruction, use, modification or disclosure of data.

Openness: There should be a general policy of openness about developments, practices and policies with respect to personal data. Means should be readily available of establishing the existence and nature of personal data, and the main purposes of their use, as well as the identity and usual residence of the data controller.

Individual participation: An individual should have the right:
a) to obtain from a data controller, or otherwise, confirmation of whether or not the data controller has data relating to him;
b) to have communicated to him, data relating to him within a reasonable time; at a charge, if any, that is not excessive; in a reasonable manner; and in a form that is readily intelligible to him;
c) to be given reasons if a request made under subparagraphs (a) and (b) is denied, and to be able to challenge such denial; and
d) to challenge data relating to him and, if the challenge is successful to have the data erased, rectified, completed or amended.

Accountability: A data controller should be accountable for complying with measures which give effect to the principles stated above.

Source: www.oecd.org/document/18/0,3343,en_2649_34255_1815186_1_1_1_1,00.html

2.4.3 Authentication

Customer identification and authorization are essential at every step of wireless transmission. For security purposes, customer authentication means that the bank must know whether the customer is authorized to undertake the transaction in question (Weber and Willi, 2006). The following mechanisms can be reviewed as examples (Rolf H. and Aline, 2010; Youngsam and Suk, 2008).

• Personal Identification Number (PIN) and Transaction Number (TAN): customers need a PIN and a TAN to undertake financial transactions on a secure website.

• Confirmation of transaction: the Mobile Transaction Number process requires the transaction to be confirmed through the mobile phone after the customer has completed it; that is, transaction-related information is delivered to the customer via the mobile device.

• Wireless Public Key Infrastructure (WPKI): even though the business logic and system base of mobile banking are the same as those of website-based internet banking (Digital Times, 2009), mobile banking service providers use authentication supported by a chip such as the Subscriber Identity Module (SIM), while internet banking uses security based on Public Key Infrastructure (PKI). A PKI is an arrangement for managing digital certificates, in which public keys are bound to their respective user identities.

Banks must employ reliable methods for verifying the identity and authorisation of new customers as well as authenticating the identity and authorisation of established customers seeking to initiate electronic transactions (BCBC, 2003). The methods banks use include PIN numbers, passwords, smart cards, digital certificates (such as PKI) and biometric identifiers.

2.4.4 Integrity

Banks already know that any information customers submit to a Web site, secured or unsecured, is seriously at risk, and thus they need to employ encryption technology and Secure Sockets Layer (SSL) Certificates (Ion and Alexandru, 2010). Encryption is the process of encoding information so that it is unintelligible to all but the intended recipient, and then decoding it at the receiving end of the transfer so that the intended recipient can read or hear it. Encryption also supports other related security properties: authentication, privacy/confidentiality and non-repudiation (Joe and Christoph, 4th edition).

Encryption is the foundation of the data integrity and privacy necessary for e-commerce. In general, customers will submit sensitive information and transactions, in mobile banking as in web-based transactions, only when they are convinced that their sensitive information is secure (Ion and Alexandru, 2010). Encryption comes in various strengths, determined by the number of bits used in the encryption algorithm. The current 128-bit standard is considered, for all intents and purposes, unbreakable at current computing speeds.

Ion and Alexandru (2010) state that older versions of some operating systems and browsers, in certain combinations, including many Windows 2000 systems, do not support more than 40-bit or 56-bit encryption. Even the newest Windows 7 operating system and its Server counterpart, Windows 2008 R2, can use the 40-bit encryption model for connections with older systems. Unfortunately, these levels are easily breakable today, rendering users of those operating system and browser combinations vulnerable. Server Gated Cryptography (SGC), available with certain VeriSign SSL Certificates, overcomes this problem for 99.9% of Web site visitors (the remaining 0.1% represents certain older browser versions that are not capable of 128-bit encryption with any SSL certificate) (p. 31).

Secure Sockets Layer (SSL), the standard for Web security, is the technology used to encrypt and protect transaction information transmitted over the Web. SSL protects customer and related data in motion, which a thief or hacker can intercept and tamper with if the data is sent unencrypted. An SSL Certificate is an electronic file that uniquely identifies individuals and allows encrypted communications. SSL Certificates serve as a kind of digital passport or credential (Ion and Alexandru, 2010).

Hence, the security technologies of Web transactions, encryption and SSL certificates, can be applied to mobile banking, for mobile banking employs the same business logic and system environment except that the connection is wireless. However, according to Nicholasthomas of Wordpress, Network Solutions SSL certificates are not properly handled by the latest smartphones. “Today we received reports from our users that their phone was presenting them with an egregious SSL certificate error when trying to access our mobile application. We decided to use Network Solutions for an EV SSL cert (primarily to save a lot of money per year on the same certificates at VeriSign). We did not do sufficient homework” (Source: Wordpress.com)

Apparently, SSL certificates may not be trusted on the most recent mobile devices. In response to this collapse in online authentication, a consortium of leading certification authorities and browser providers, including Microsoft, Mozilla, Opera and VeriSign, has teamed up to create anti-phishing best practice to address emerging trust threats on the Internet. The creation of Extended Validation (EV) SSL certificates has been the first result of that effort. This technology combines the versatility and encryption ability of SSL with the ability to certify that a website is legitimate, by means of a security certificate issued by a trusted Certification Authority. An EV SSL certificate thus prevents unauthenticated parties from accessing transactions undertaken by customers.

One of the key purposes of SSL or EV SSL certificates is to help assure customers that they are actually shopping and transacting with the site they believe they are accessing. Security responses to online fraud have been quite passive and ineffective, and have been based on outdated tools that are becoming more vulnerable as mobile device technology keeps changing. By using up-to-date security solutions, banks can start capitalizing on this trust and gain tangible and intangible benefits from investing resources in the secure development of mobile banking (Ion and Alexandru, 2010).

2.4.5 Customer awareness and perception

Ion and Alexandru (2010) highlight that, besides implementing physical devices or software such as EV SSL, financial institutions and online businesses must continue to educate customers and bring them up to the level of knowledge about safe network usage and practices that the cutting-edge technology society of the 21st century requires. Related parties should spread the information and knowledge needed to identify the most usual signs of phishing: a certain degree of misspelling, generic salutations instead of clear and personalized ones, urgent “must” deadlines for acting in a certain manner, account status threats, requests for the user’s personal data and information, and fake domain names and links. Banks in particular should educate customers and help them understand how to recognize good, valid and secure transaction guidelines before they undertake a mobile banking transaction and provide personal and sensitive information to it (Ion and Alexandru, 2010).

The Independent Community Bankers of America (ICBA) and its nearly 5,000 member

banks are advising consumers on how to safely use mobile banking applications.

“Mobile banking, one of the fastest growing trends, gives our customers flexibility and

the chance to manage their finances any time, anywhere. To stay ahead of the demand,

community banks are investing millions to secure their banking channels, but

consumers need to make good decisions as well in order to avoid the scams and

schemes that are growing up around this new technology,” said R. Michael Menzies,

ICBA chairman and president and CEO of Easton Bank and Trust Co., Easton, Md.

Banks can pass along the following advice on mobile banking applications and use it to educate customers (Teller Vision, May 2010, p.5):

• Never pass personal identification or banking information via your mobile device

unless you initiate the contact and you know that you’re dealing directly with your

bank.

• Remember, your bank would never contact you asking for personal or banking

information. Assume any unsolicited text request is fraudulent. Giving this

information places your finances and privacy at risk.

• Avoid sharing your password, account number, PIN number, and answers to secret

questions. Don’t save this information anywhere on your phone.

• Don’t set the Web or client-text service to automatically log you in to your bank

account. If your phone is lost or stolen, someone will have free access to your money.

• Set the phone to require a password to power on the handset or awake it from sleep

mode.

• Immediately tell your bank and your mobile operator if you lose your phone.

A study by S. Singh (2006) concluded that people generally focus on the services delivered by financial service providers rather than on the technologies used to enhance data security. Banks could increase customers’ trust in their data security in the following three ways:

• Increase the convenience and usefulness of online transactions.

• Have customers believe that the bank would not allow them to suffer from fraudulent activities.

• Provide a personalized online transaction experience by giving customers greater control over their transactions and information.

More importantly, customers need to feel at ease using mobile services. They need to trust that the bank will do whatever is necessary to protect their interests and security. Hence, it is important that banks build both that perception of trust and awareness among their customers (S. Singh, 2006; Teller Vision, May 2010).

In a nutshell, customer protection goes beyond the requirements resulting from technical

security and customer awareness. The bank has a fiduciary duty to its customers. The bank

shall abide by its duties in order to gain customer trust.

3. Issues/Problems/Challenges

3.1 Challenges

Because mobile banking applies advanced technology to banking needs in a new way, providers of the mobile banking service face challenges in implementing it. The biggest challenge is data security, followed by handset operability, scalability and reliability, application distribution, and personalization.

3.2 Security

Nowadays, most financial institutions are incorporating mobile banking and financial services as consumers increasingly turn to their mobile devices to conduct everyday tasks. Despite the convenience of doing business this way, the majority of consumers are reluctant to try mobile banking because of perceived security threats. Mobile banking involves transactions “through the air”, and consumers worry that important information such as their name, address, amount of money, credit card number and PIN number may be misused or hacked by other people. Financial institutions need a strategy and a plan to overcome this big challenge and increase consumers' confidence in using this new high-technology facility. To secure mobile banking transactions, the following aspects need to be addressed:

• Physical security of the hand-held device. If the financial institution is offering smart-card based security, the physical security of the device is more important.

• Security of any thick-client application running on the device. If the device is stolen, a hacker should need at least an ID/password to access the application.

• Authentication of the device with the service provider before a transaction is initiated. This ensures that unauthorized devices cannot connect to perform financial transactions.

• User ID / password authentication of the bank’s customer.

• Encryption of the data being transmitted over the air.

• Encryption of the data that will be stored on the device for later / off-line analysis by the customer.

In addition, financial and banking service providers have introduced one-time passwords (OTPs) to fight cyber fraud. Consumers need to request an OTP each time they want to perform a transaction using mobile banking. When the consumer's request is received, the password is sent to the consumer’s phone via SMS. The password expires once it has been used or once its scheduled life-cycle has ended. This security tool is more efficient and secure than a traditional memorized password.
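
The one-time password life-cycle described above, combined with the transaction confirmation (Mobile Transaction Number) from section 2.4.3, is shown here as an added example that is not part of the original report. The class name OtpService, the 180-second lifetime, the three-attempt limit and the SMS wording are assumptions, and the phone number, payee and amounts are constructed sample data.

```python
import hashlib
import hmac
import secrets
import time

OTP_TTL_SECONDS = 180   # assumed life-cycle; the report gives no figure
MAX_ATTEMPTS = 3        # assumed limit on wrong guesses per code


class OtpService:
    """Issues SMS one-time passwords, each bound to one transaction (hypothetical design)."""

    def __init__(self, send_sms, clock=time.time):
        self._send_sms = send_sms            # callable(phone, text): stand-in for an SMS gateway
        self._clock = clock                  # injectable so expiry can be exercised in tests
        self._key = secrets.token_bytes(32)  # server-side key; codes are never stored in clear
        self._pending = {}                   # txn_id -> {"digest", "expires", "attempts"}

    def _digest(self, txn_id, payee, amount_cents, code):
        # Binding payee and amount into the digest means a code issued for one
        # transfer cannot confirm a transfer whose details were altered.
        msg = f"{txn_id}|{payee}|{amount_cents}|{code}".encode()
        return hmac.new(self._key, msg, hashlib.sha256).digest()

    def request_code(self, txn_id, phone, payee, amount_cents):
        """Customer asks for an OTP; any earlier code for this transaction is replaced."""
        code = f"{secrets.randbelow(10**6):06d}"   # drawn from a CSPRNG
        self._pending[txn_id] = {
            "digest": self._digest(txn_id, payee, amount_cents, code),
            "expires": self._clock() + OTP_TTL_SECONDS,
            "attempts": 0,
        }
        # The SMS repeats the transaction details so the customer can check them.
        self._send_sms(phone, f"OTP {code} authorises payment of "
                              f"{amount_cents / 100:.2f} to {payee}. "
                              f"Valid {OTP_TTL_SECONDS} s. Never share this code.")

    def confirm(self, txn_id, payee, amount_cents, code):
        """Return 'ok', 'rejected', 'locked', 'expired' or 'unknown'."""
        rec = self._pending.get(txn_id)
        if rec is None:
            return "unknown"                 # never issued, already used, or locked out
        if self._clock() >= rec["expires"]:
            del self._pending[txn_id]        # scheduled life-cycle has ended
            return "expired"
        supplied = self._digest(txn_id, payee, amount_cents, code)
        if hmac.compare_digest(rec["digest"], supplied):   # constant-time comparison
            del self._pending[txn_id]        # single use: a replay finds nothing
            return "ok"
        rec["attempts"] += 1
        if rec["attempts"] >= MAX_ATTEMPTS:
            del self._pending[txn_id]        # stops online guessing of the six digits
            return "locked"
        return "rejected"


def demo():
    """Run the life-cycle on constructed data and return the outcomes in order."""
    outbox, now = [], [1_000.0]              # captured SMS texts, fake clock
    svc = OtpService(lambda phone, text: outbox.append(text), clock=lambda: now[0])
    results = []

    svc.request_code("TXN-1", "+00-000-0000", "ACME UTILITIES", 12_500)
    code = outbox[-1].split()[1]
    results.append(svc.confirm("TXN-1", "ACME UTILITIES", 99_900, code))  # amount altered
    results.append(svc.confirm("TXN-1", "ACME UTILITIES", 12_500, code))  # genuine
    results.append(svc.confirm("TXN-1", "ACME UTILITIES", 12_500, code))  # replay

    svc.request_code("TXN-2", "+00-000-0000", "ACME UTILITIES", 5_000)
    code = outbox[-1].split()[1]
    now[0] += OTP_TTL_SECONDS + 1            # let the code outlive its life-cycle
    results.append(svc.confirm("TXN-2", "ACME UTILITIES", 5_000, code))   # too late
    return results


if __name__ == "__main__":
    print(demo())
```

Storing only a keyed digest of the code means a leaked copy of the pending-code store does not reveal live OTPs, and the attempt limit keeps a six-digit code from being guessed online.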

3.3 Handset Operability

Another challenge in rolling out mobile banking is the large number of different mobile phone devices. For example, some devices support only Java ME applications, the SIM Application Toolkit, a WAP browser or only SMS. The question is how financial institutions or banks can offer services to these different types of devices. This is an interoperability issue, and the solution depends largely on the financial institutions or banks that install the applications for the mobile banking service. Standardization of the devices used is needed to overcome the handset operability issue when performing transactions. All financial institutions need to standardize the device to be used based on the device's ability to perform tasks. Normally, to carry out a transaction such as a funds transfer, customers need a smartphone such as the Apple iPhone or RIM BlackBerry. Financial institutions also need to consider whether local people are able to own that type of mobile phone.

3.4 Scalability & Reliability

Another challenge for the management of financial institutions and banks is to scale up the mobile banking infrastructure to handle exponential growth of the customer base. With the common tagline “banking anytime and anywhere”, customers may carry out transactions through a mobile phone in any part of the world. Hence, financial institutions need to upgrade and always use the latest system that can meet customers' banking needs. The system must be able to run in a true 24 x 7 fashion. With today’s rapid development of technology, customers' expectations of mobile banking are also increasing. Financial institutions that are unable to meet performance and reliability expectations may lose customer confidence. One example of a system that allows quick and secure mobile enabling of various banking services is the Mobile Transaction Platform. This system was implemented in India and successfully meets the needs of mobile banking consumers.

3.5 Application Distribution

Because of the close connection between customers and financial institutions in mobile banking, customers may expect any upgrades or updates to applications to be downloaded to their mobile phones automatically. It is impractical to expect customers to visit a bank or a web site regularly to upgrade their mobile banking application. However, many issues have to be resolved before this can be implemented, such as synchronizing all dependent components.

3.6 Natural Limitations

The experience of banking on a mobile device is not the same as internet banking. The main difference is that the display of a mobile phone is much smaller than that of a personal computer. This limits the features that banks can show, and viewing multiple accounts can make the system unworkable. In addition, typing on a mobile phone is not the same as typing on a computer keyboard. Customers sometimes feel as if they are doing data entry when they want to perform transactions. Sometimes, because phones have a distinct look and feel, the icons provided by the bank are lost and customers cannot see all the information.

4. Discussions

In mobile banking, the close bank-customer relationship is no longer built. Hence, the question arises as to whether the bank’s fiduciary duties can be carried out in mobile banking. For instance, the duties of diligence, advice, loyalty and information cannot be fulfilled in exactly the same way as in traditional banking. Because these duties must be present in all types of banking services, a satisfactory way has to be found to incorporate them into mobile banking. The reasons for developing consumer protection standards vary. On the one hand, customer identification is imposed on banks for a public purpose, namely to combat money laundering. On the other hand, consumer protection is also a matter of intense interest to banks: if a bank gains customer confidence, customers accept mobile banking services more easily. Specific concerns have arisen in the virtual world about securing consumer protection. The banking industry recognises the need for transaction transparency to promote confidence in, and acceptance of, electronic commerce such as mobile banking.

The role of mobile operators on mobile banking

Banks and mobile operators have two different perspectives on mobile banking. Banks view it as a way to enhance services to existing customers. Mobile operators, on the other hand, focus more on reaching the mass market and the unbanked.

Here we will focus only on mobile operators. There are several options for mobile operators to participate in financial services delivery:

• The mobile operator can offer basic services, providing secure communications services to financial service providers and so enabling transactions. The mobile operator then acts as an intermediary, relaying messages between the provider and the customer. It can also provide “mobile wallet services,” which manage the flow of transactions between accounts as directed by the mobile customer.

• The mobile operator may also host the accounts of third parties and authorize transactions on their behalf. A third-party institution keeps the float, but account management is delegated to the mobile operator.

• The mobile operator may issue accounts where value can be stored before or after the transaction. These are prepaid, electronic money or mobile accounts, where basic transactional deposit accounts are accessible from a mobile phone.

• The most comprehensive option would be to provide mobile banking capabilities. This would go beyond making and receiving payments and customer management of accounts, and would entail offering a broader range of products such as credit and insurance.

There are advantages and core strengths that mobile operators have in providing

financial services, advantages that banks may not possess.

• Network of physical retail outlets. Mobile operators do business with a greater number of customers than banks. Thus, they have a greater number of retail outlets.

• Secure electronic transaction capture capability. The mobile operator can offer a customer service platform that is both secure and user-friendly because of the mobile operator’s control of the subscriber identity module (SIM) card. SIM cards identify a user on mobile telephony devices.

• Transaction processing platform. The platforms for processing prepaid mobile billing are simple, since they do not need to support a high level of customer reporting such as monthly statements or regulatory reporting.

Incentives for mobile operators to offer financial services:

• Additional revenues. Mobile operators can charge transaction costs.

• Churn reduction. Mobile operators can reduce “churn”, or customer turnover, if regular users of payment services stop switching mobile operators once they are familiar with how the service works and have a bank account linked to their mobile phone number.

• Branding. A mobile operator can strengthen its brand positioning on customer service and innovation if it is first to market in providing financial services.

• Distribution cost reduction. Mobile operators incur substantial costs collecting revenue from their customers. This could reduce the distribution of prepaid cards.

Risks associated with mobile operators providing financial services. Mobile operators have vulnerabilities in offering financial services:

• Breaches in data and transactional security. Accounting errors, fraudulent transactions, and breaches in data privacy could expose mobile operators to huge liability and damage to their reputation.

• Operational focus. The core focus of a mobile operator's management is its communications business. Adding financial services may distract smaller mobile operators and stretch their abilities.

• Additional regulation. The ability to provide financial services comes with the obligation to comply with financial regulation. Mobile operators may incur increased costs to comply with financial regulations, adding to the oversight they already receive.

• Customer care costs. There could be an increase in customer care calls that could wipe out the profitability of service delivery.

Malaysia's mobile banking

Industry experts at the 12th Malaysian Banking Summit 2008 say that not just internet banking but also mobile banking is set for further growth and expansion globally, reports The Star. CIMB Bank retail banking head, Peter England, is quoted as saying that Malaysia had successfully adopted Internet banking since 2000 and that mobile banking would follow suit. There are many ways in which mobile banking can be supported through the mobile platform. It could require users to download a Java application, or it could be deployed through WAP 2.0, SMS or even USSD (Unstructured Supplementary Service Data). Right now, with mobile banking in its infancy in Malaysia, it is hard to tell which one would work.

Customers with Java-enabled hand phones with 3G (third generation), EDGE (Enhanced

Data rates for GSM Evolution) and GPRS (General Packet Radio Service) connections

can gain access to the mobile banking service.

The chief executive officer of Malaysian developer SIMER, Mazlee Md. Ramli, said that SIMER Financial Solutions, launched at the CeBIT 2009 Exhibition in Hanover, Germany, was currently being used in Malaysia and other countries. “SIMER mobile technology does not use SMS (short messaging service) or WAP (wireless application protocol), as used by many current mobile banking applications, but an improved version of USSD (Unstructured Supplementary Service Data) that will enable interactivity of users on mobile similar to the ATM.” It is hoped that the new system will reduce fraud in mobile banking.

An internet group on Facebook informs people about scams in Malaysia. Its initiator hopes that it will help people avoid being cheated and ending up losing money or otherwise. Anybody from anywhere is welcome to report or share news, in the hope of reducing the number of scam cases.

Security Case in Korea

Korea offers an example of a mobile banking security case. Even though the ratio of usage in Korea is significantly higher than in other countries (see the table in Figure 5), the fraudulent amount in Korea is considerably low. The reason is that internet banking in Korea additionally adopts Public Key Certificates. Mobile banking in Korea adopts the same security system, even on smartphones, where an outstanding security issue has recently been uncovered.

Figure 5: Usage of internet banking

| Country | Users of Internet banking* (A) | Total Pop (B) | The ratio of usage (A/B) |
|---|---|---|---|
| China (2009) | 140,818,000 | 13,458,000,000 | 11.0% |
| USA (2009) | 50,700,000** | 308,880,000 | 18.5% |
| UK (2008) | 21,500,000 | 61,380,000 | 35.0% |
| Korea (2009) | 50,921,000 | 50,060,000 | 118.3% |

(Source: www.cencus.gov. *by the customers of banks, **the number per household)

Figure 6: Fraudulent amount and security method

| Country | Period | Fraudulent amount (US$) | Security Method | Source |
|---|---|---|---|---|
| Korea | 2008 | 150,000 (8) | Secure Sockets Layer + Security card + Public Key Certificate | Report of Financial Supervisory Service, 2009 |
| Korea | 1 ~ 8.2009 | 230,000 (14) | Secure Sockets Layer + Security card + Public Key Certificate | Report of Financial Supervisory Service, 2009 |
| USA | 3rd Q of 2009 | 120,000,000 | Secure Sockets Layer + Security card | Report of FDIC in RSA conference, 2010 |
| UK | 2008 | 90,000,000 | Secure Sockets Layer + Security card | UK Payment, http://www.banksafeonlne.org.uk/faqs/faqs_13.html |
| UK | 1st Half of 2009 | 66,400,000 | Secure Sockets Layer + Security card | Financial Fraud Action UK, 7.10.2009 |

5. Conclusions

As new technology evolves, a closer understanding and analysis of mobile banking risk is necessary, not to frighten off potential providers or to make regulators over-cautious, but precisely to enable entities with appropriate technologies and adequate processes to assume new risks. Mobile financial services clearly have great potential to extend access to underserved people in developing countries. However, in the developing world today and for the foreseeable future, most customers will have only standard handsets. End-to-end security can be provided on standard handsets through approaches such as the SIM toolkit. This is important in order to expand the service to more people, reach a larger segment of those who remain unbanked, and protect consumers by being able to resolve problems quickly and thereby gain their confidence.

The development of mobile payments using mobile money will be shaped by two contrasting issues: the reliability and the security of transactions for customer protection. It would be more secure to have compatible systems for transmitting information from mobiles to banks, and compatible systems across countries if the service is to expand on a global scale. Given the newness of the service, different forms of mobile money transfer are currently being implemented. Interoperability, at both the local and the global scale, would offer significant value to customers, especially in developing countries with large populations working overseas (GSM Association 2008). Standards may have to be agreed upon to allow for exchanges between networks, within and across countries. It would also be necessary to keep compatible transactional records for customers who use both the bank and the mobile service. Serving the currently unbanked profitably and sustainably requires a radically different approach.

The roles of mobile operators and the banking industry are crucial, and the two need to work hand in hand to fight online fraud. Regulators and policy-makers need to ensure that evolving systems serve the broader objectives of economic growth and development as well as protect consumer interests, while creating an environment that encourages and rewards innovation. With the number of mobile users increasing, it is time for a more efficient and secure banking solution.

6. Recommendations

For Financial Institutions

i. Financial institutions that provide a mobile banking service should also provide a link or contact information so that customers can report anything suspicious related to security. This prevents the problem from getting worse and makes it easier for the institution to obtain the information and find a solution.

ii. Educate customers about security issues in mobile banking and showcase samples so that they learn how to spot these activities. The knowledge gained can help prevent them from becoming victims.

iii. To provide security in mobile banking, financial institutions should consider choosing the latest technology that can protect consumers, for example by building extensive barriers to prevent hackers from accessing the customer database. However, if a financial institution chooses to use less secure technology, technical and operational countermeasures need to be introduced to reduce the risk to the business and to individual clients.

iv. Establish a Security and Fraud Control Unit to monitor all transactions and all access to the customer database, to assure the security of the data.

v. The management of financial institutions plays an important role in developing a comprehensive risk framework, based on previous cases, in order to find the best solutions for security issues in mobile banking.

For Consumers

i. Never disclose a PIN, password or any other security information to anyone. Customers are also advised not to write it down in front of someone or on paper. At the same time, set a password on the mobile phone to prevent it from being misused if the phone is stolen.

ii. Avoid any activity that makes your phone vulnerable to viruses and a soft target for hackers or fraudsters to latch on to. Never click on any site or URL unless you are confident of it, and delete all chain messages and unwanted messages.

iii. Do not download any software if unsure about its security, to keep the mobile phone from being infected by viruses that a fraudster might use to steal private information.

iv. Update the mobile phone regularly with the latest updates to secure the sensitive information transmitted or stored.

References

Aaron Emigh (2005) Anti-Phishing Technology. San Francisco.

Bankable Frontier (2008) Managing the Risk of Mobile Banking Technologies. USA.

Bank Technology News, Jan 2010. By The Numbers.

Digital Times, http://www.dt.co.kr/contents.html?article_no=2009050702012269729001

http://nicholasthomas.wordpress.com/2010/03/09/network-solutions-ssl-certs-are-not-supported-by-smartphones/ (2:28, 01/10/2010)

Francois Paget, McAfee Avert Labs (2009). Financial Fraud and Internet Banking: Threats and Countermeasures

Georgi F., Piknl, J. (2005). Mobile Banking in Deutschland

GSM Association [GSMA] (2008a) “Introduction to Mobile Money Transfer” Accessed 12 June 2009

Ion LUNGU & Alexandru TĂBUŞCĂ (2010) Optimizing Anti-Phishing Solutions Based on User Awareness, Education and the Use of the Latest Web Security Solutions. Informatica Economică vol. 14, no. 2/2010

Joe Valacich and Christoph Schneider, 4th edition. Information Systems Today. NY, USA; PEARSON

Juan Chen & Chuanxiong Guo (2007) Online Detection and Prevention of Phishing Attacks. Institute of Communications Engineering. Nanjing, China.

Kelvin Chikomo, Ming Ki Chong, Alapan Arnab, Andrew Hutchison (2007) Security of Mobile Banking. Cape Town, South Africa

Kwang Jin Park, Yeon Su Jung, and Dal Chun Kang (2007). The study of personal data in information communication network, Korea Information Security Agency, 31/12/2007

Mobile Banking, Fraud Monitoring Among The Top Issues. CREDIT UNION JOURNAL. July 26, 2010

Mobile, Net banking poised for more growth. The Star. June 6, 2008

Moore, R (2005). Cybercrime: Investigating High-Technology Computer Crime

Nicholasthomas, 2010. Network Solutions SSL Certs are not supported by Smartphones.

O. Gunter (2004) The Phishing Guide: Understanding & Preventing Phishing Attacks.

Policy Res (2006) 12:299–323 DOI 10.1007/s10610-006-9025-0 KISA. May. 2010

Privacy and Personal Data Protection, www.oecd.org/sti/security-privacy, OECD 01/2007 and http://www.oecd.org/document/18/0,3343,en_2649_34255_1815186_1_1_1_1,00.html (03/12/2010)

Rajnish Tiwari and Stephan Buse (2007). The Mobile Commerce Prospects: A Strategic Analysis of Opportunities in the Banking Sector

Rajnish Tiwari, Stephan Buse and Cornelius Herstatt (2007). Mobile Services in Banking Sector: The Role of Innovative Business Solutions in Generating Competitive Advantage

Rapport, M. (2010). Mobile Banking Security: New Problems and Old Face Emerging Channel. Credit Union Times, 21(35), 19. Retrieved from Business Source Complete database.

RSA Online Fraud Report, May 2009. A Monthly Intelligence Report from the RSA® Anti-Fraud Command Center.

Sangwan Park, 2010. The environment change of smart phone and Public Key Certificates.

Teller Vision, May 2010. Offer Customers Advice on Mobile Banking Safety. Teller Vision [serial online]. May 2010; (1393):4-5. Available from: Business Source Complete, Ipswich, MA. Accessed October 1, 2010.

Supriya Singh, 2006. The Social Dimensions of the Security of Internet Banking, Journal of Theoretical and Applied Electronic Commerce Research, August, vol. 1, Universidad del

Talca, Chile

Tom Vander Beken and Annelies Balcaen,(2006). Crime Opportunities Provided by

Legislation in Market Sectors: Mobile Phones, Waste Disposal, Banking, Pharmaceuticals.

Eur J Crim

47 | P a g e

Page 48: Mobile Banking

Youngsam Yun and Suk Park, (2008). The prospectus and issues of mobile banking. The

research center of Industrial Bank of Korea, Issue analysis 2008.7, 21/7/2008

2008 CSI Computer Crime & Security Survey.

http://www.cse.msstate.edu/~cse6243/readings/CSIsurvey2008.pdf

Malaysia Anti Fraud NEWS CORNER.

http://www.facebook.com/group.php?gid=69719929984

http://www.gsmworld.com/documents/GSMA_Introduction_to_MMT_0908.pdf

Privacy and Electronic Communication (EC Directive) regulations 2003

48 | P a g e