Wednesday, March 2, 2011

Temporal Juxtaposition - The future of mobile banking

E-mail from a colleague:

So, within minutes of one another:

Roundtable's Pitts: Mobile Will Connect Channels, Improve Security

"Mobile and banking fit together like chocolate and peanut butter," says Jim Pitts, project manager of the Financial Services Technology Consortium, the technology solutions division within The Financial Services Roundtable.
[ ... ]

Google Kicks Rogue Apps Out of the Android Market

"[ ... ] Before their removal, the apps garnered between 50,000 and 200,000 downloads. The apps caused the phone to perform functions without the owner's consent. The Trojan embedded in them used a root exploit to access all of the phone's data and download malicious code.

The publisher has been removed from the Android Market completely, and its apps reportedly have been deleted from phones, but this won't remove code that has been back-doored into a phone's program. Google reportedly is working on that problem.
[ ... ]

Awesome. We are going to bet our financial future on a rootable platform. I wonder how that will turn out.

I’m feeling déjà vu.


  1. Let's compare the banker's stance to the Payment Card Industry's assessment of mobile application security:

    > Until such time that it has completed a comprehensive examination of the mobile communications device
    and mobile payment application landscape, the Council will not approve or list mobile payment
    applications used by merchants to accept and process payment for goods and services as validated PA-
    DSS applications unless all requirements can be satisfied as stated.

    In other words, "we're not touching that just yet."

  2. In that case, I assume that all mobile payment applications are non-compliant, and that anyone using them to accept payment is non-compliant.