Online Transactions Through Smartphones And How They Affect Internet Security

This is an interview of Vicente Diaz, the Global Research and Analysis Team Executive carried out by Kaspersky Daily in Barcelona last month. The purpose of this interview is to discuss the latest trends and news presented in the Mobile World Congress 2014. Kaspersky provides a wide range of internet security related software for corporations and individuals. Also, Kaspersky coupons are available for discounted prices.

Now, let’s move on to the interview:

Question: There are a lot of devices that are announced this year on mobile congress and the major trend is that everything goes mobile; People are saluting their computers as they daily use their tablets and smartphones. What is your opinion concerning the fact that people more and more make online transactions from their phones? How does this change the security landscape?

Answer: Having more different devices, basically it is making bigger the attacking vector for the hackers. Hackers see new opportunities, they have newer technologies available and also mobile payment systems are giving the attackers a new target for committing fraud. Because of my job I always see the inside and all the dangers as they shape with the new technologies.

Question: What about specifically the financial systems? All those mobile payment systems assume that every operation with your bank and your electronic wallet is done by phone. Is it really secure?

Answer: Basically, mobiles have the same problem with computers. To make it worst, the use of adware that the mobile could be infected and also we are not having a second factor of indication in this kind of devices. Previously we were using the computer for making the transfer and then we were having e.g. a confirmation sms in our mobile for making the transaction valid. But now we have everything in the mobile so if an attacker has access to our device then he is having access to everything.

Question: Is there any solution to this problem? What is the primary tactic?

Answer: I think the best solution is to apply as many layers of defense between you and the attacker and that includes not only a security for the device but also having a complete framework in these days, like that which we propose that includes a C.K. for applications, behavioral analysis, clientless security based on the different actions that the victim does against the bank. So we help the bank to protect themselves, to detect fraud and we help the users to protect their device. This kind of complete and multi-layer approach is the best solution.

Question: One of the hot topics of the Mobile World Congress 2014 are binary solutions. The first one was introduces by apple, the fingertips scanner, and now we see it is the same scanner in Galaxy 5 and now there are many start-ups which provide different kinds of eye recognition. Many companies now propose to replace old authentication types like passwords, using your face or fingertips. Does this improve security?

Answer: I think there are two sides on this matter. The first one is that we have seen passwords are not enough. they are not a very good security solution for many reasons. We see how they fail over and over. So, introducing some kind of biometric technology it may solve the problem. However, probably these days everybody is concerned about their privacy. Putting all your biometric data in the internet I am sure that many people will react. Therefore we should find a balance, like some biometric data that everyone is comfortable sharing, probably our faces since this happens naturally anyway, but we should combine this with something else. It’s really a controversial issue. We are very concerned about privacy now.

The more we investigate and the more we talk about this is positive and taking us towards a good direction for providing us more security that the conventional method of passwords.