How to protect the financial assets online

If you have a mobile phone in your pocket, chances are that you are using it to accomplish
other tasks than just to talk to your friends and send text messages. If there’s a need, there’s
an App for that. Micropayments have already been used in conjunction with SMS messages
to pay for local transport or at vending machines, but now the mobile phone is becoming a
wallet, a credit card and a payment tool. With the mobilization of banking applications you
can transfer your credit cards and banking information to the phone and use it for payments
and financial transactions, where ever, when ever. But with great opportunities comes great
need for beefed up security.

Moving from fixed to free

The modern world is becoming more and more mobile everyday as the applications move to the smart phones, and our daily routines include increasingly the use of mobiledata networks and smart phone apps. The proliferation of smart phones has already gone over 50% in some markets.The US just went over 100 million smart phones and in the UK the percentage of users reaches closer to 60%. The year 2011 marked the first year when smart phones took over the computers in sales figures. So we are going from the fixed to free and mobile.

Mobility gives us the freedom of accomplishing tasks whereand when we choose to. The mobile phone is becoming aconvergence point of several different separate uses, thatbefore required either a dedicated hardware, or a desktopcomputer. We are also buying much more small apps thanwe did for regular computer software. We have casualgaming with our mobile phones, digital photography,navigation, translation, music, flashlight, e-mail, videos,weather, social applications, and the list goes on and on.

Valuable function for all things mobile: Signature

The mobile phone has a Secure Element to ensure the integrity and security of its operations. The Secure Element, be it the SIM, microSD or an embedded Secure Element, provides protection for our most valuable asset – identity. Typical identity is a key pair that is protected by a PIN code. The important thing here is to secure this identity, so that e.g. the PIN code can’t be easily discovered. So, the critical parts should all go to the secure element.

By storing each individual’s identity in an electronic format into the Secure Element, identity theft and fraudulent transactions can be prevented. Each person can use their Mobile ID to securely sign documents and confirm transactions. The threat of malicious attacks and hacked central password databases is removed. The end user can’t disclose her identity even by mistake as it is stored in a tamper resistant environment.

Protecting your money

Enabling a remote channel to financial services opens a door to digital and online crime. Worldwide figures are staggering, with the UK banks alone reporting financial losses from online crime at £16 million in the first half of 2011.Service providers are often too reluctant to put in the right security measures for fear of complicating the customer experience and hindering adoption. The great advantage of Mobile ID is that it is extremely easy to use, and very secure, with virtually no disruption to the user experience. Actually, Mobile ID is one the few security measures along with One-Time-Passwords that offer good security and ease-of-use.

In a new mobile banking pilot recently launched in Austria based on iPhones using a microSD in a sleeve, transactions below €20 do not require any security measures. Transactions above €20 require a passcode, while the upper limit of transaction value remains undefined.

The fact is that when you conduct financial transactions that can have a real impact on your finances, you want them to be secure, and signed so that they cannot be repudiated at a later date. Already in Europe, US, and in India there are legal precedents that show the need for digital signatures. In all cases, the customer repudiated the transaction, the service provider could not present evidence of a digital signature, and the customers won the case. Legal protection from digital signatures is not just for the customer, but also for the service provider – it protects them both.

Mobile Banking surely requires security, and banks have defined the authentication criteria for each type of transaction:

Valimo Mobile ID to protect your most valuable assets

Valimo Mobile ID is a highly secure mobile authentication and signing solution that helps protect your number one asset - your identity, when conducting transactions online or from the mobile device. The keys that essentially link you to the electronic world are created in a tamper resistant environment, typically in a SIM/UICC card. These keys never leave the environment, making identity theft impossible. The key generation and registration is quick and painless, making the deployment of the Mobile ID easy enough for the end users. The Mobile ID can even be deployed to the Secure Element over-the-air using a Trusted Service Manager (TSM).

The second most valuable asset, namely your money, will also be well protected with Valimo Mobile ID. Since the solution is based on public key infrastructure, which is the only way to achieve legally binding signatures, it offers a convenient and secure way to protect both the end user and the financial service provider through transaction confirmations. The confirmations are signed digitally and thus cannot be repudiated at a later date. Also the fact that your signature device is your mobile phone means that even if your computer is compromised, your money is protected – nothing can leave from your account without your explicit approval using your mobile phone.

Valimo Mobile ID is easy, interoperable and offers a very good value propositions to anyone who wants to protect their assets.

Nothing to see here - the credentials are in the mobile phone, the plot fails
Might fool the user to a wrong site, but as the transactions are confirmed through the mobile channel, the plot fails

Attachment	Description	Size
MobileID MFS		1.77 MB