Banking data protection and the red herring of mobile banking vulnerability

(Editor’s note: contributed blogs like this are part of ChannelBuzz.ca’s annual sponsorship program. Find out more here. This article was authored by Matt Geer, director of strategic market development at Avnet Embedded.)

Matt Geer, director of strategic market development at Avnet Embedded

Matt Geer, director of strategic market development at Avnet Embedded

I was born in the borderland between two generations.  By some measures, I am a member of Generation X, though “real Gen-Xers” would never consider me of their tribe.  Being born in 1979 doesn’t afford me with quite enough street cred as though seeing Star Wars in the theater or having any memory of disco establishes credibility.  By my own measure, I am not a Gen-Y statistic, though I have been using electronics my whole life and most of my favorite music is from the 90s.  Still though, I grew up with an MTV that showed music videos, I owned the Top Gun soundtrack on cassette, and I was around when my very small town got its first stand-alone ATM.   Maybe not it’s first one, who can remember, but it was a big deal.

I remember wondering, as a child in the 80s and having seen plenty of television depicting elaborate jewel heists and daring bank robberies, why didn’t the bad guys just break into the cash machines?  After all, they are everywhere, out in the open, seemingly vulnerable to unfettered attack.  To a child this seemed all too easy, and if you had asked my 8-year-old self?  I would have surely told you that the ATM was a bad idea for banks and a good idea for crooks.  Of course I was wrong.  The ATM for all of its exposure was a vault in miniature.  Immoveable, impenetrable and very difficult to interfere with undetected by anyone within view. The ATM was a terrible choice for crooks and a great idea for banks.  It’s a good thing my 8-year-old self was neither a banker nor a crook.

Today, after considerable time improving upon my banking and technology acumen, I am what can be favorably described as an expert on banking technology for a really big technology company that does a lot of business in the banking industry.  My silly concerns about the vulnerability of ATMs have shifted to concerns about other ways that banks are vulnerable.  Instead of worrying about how to keep cash safe, I find myself talking at conferences and trade shows about protecting a much more valuable asset: customer data.  By now this is no revelation.  We all know how and why customer data is so valuable, what we don’t seem to understand is how or why it is vulnerable.

This is where my faith begins to fade.  Aside from people today eschewing technology in an effort to be ironic or, I suppose, “hip,” I also frequently run into those who fear using their bank’s mobile app as though it will certainly invite a hacker to steal their money.  Some of these people also avoid shopping online or using electronic bill pay for the same reason.  I often learn of this over a business dinner or drink where they eventually hand over a credit card with no concern whatsoever about the journey it will take while out of their sight.  I know others who feel paper checks are more secure for major purchases despite that physical check containing literally every piece of information required to clean out the checking account via EFT.

The way we treat our payment data is one thing, but the ways we choose to interact with our bank, sadly leave much to be desired.  Have you ever heard a stranger on the phone rattle off a name followed by a bunch of numbers and a strangely unique word?  Have you forgotten to obscure the view of passers-by when typing your ATM PIN?  Ever worry that the person at the teller station next to you is eavesdropping on your transaction?  How much potentially sensitive data do you accidentally share every day?

If only there were a way to interact with your bank or even make purchases with a device that incorporates biometric access controls to safeguard banking applications that themselves utilize the latest in military-grade encryption to protect the data being exchanged between the device and the bank?  Surely if this magical technology were to exist, it would be the toast of security-minded banking customers the world over.  Surely…  Or maybe not.  In an environment where customer behavior is the single greatest tool in preventing data-related financial crime, we live in a world where the most secure methods are seen as the least secure and the people who should know better are perpetuating the problem.

More often than not, sensitive data loss happens as a result of lost or stolen equipment like a company laptop or an employee’s mobile device, a network infrastructure breach or simple employee theft.  When it’s not one of these things, it is almost certainly a failure of the customer to secure their own information out in the world.  What it isn’t: mobile banking.

Banks have a very difficult task in protecting customer data.  They need help securing their infrastructure from outside attack.  They need help managing and tracking their electronic assets.  They require expertise in developing policy and procedures that will simplify and strengthen their information security regime.  They need a better-educated customer base.  For now, though, I know many of them would simply like a VAR that knows the difference between mobility in a bank and mobile banking.

For more information about the state of data protection and a look at some needs and opportunities, get this immediate download now.

Avnet Technology Solutions connects solution providers to the leading-edge technology, resources and expertise they need to provide comprehensive security solutions that account for everything from unique workflow requirements to industry regulations for privacy and data-loss prevention.