Either in the mobile or online process, if we secure them with corresponding security softwares it means that the process would be more secured, try with mobile and internet security software like combination

I think security (aside from the transmission of secure data piece) is best implemented in a way that enables the user to be secure. Instead of doing everything for them, give them the tools to do it themselves and you'll end up with a much better result.

Take the old banking paradigm of large granite buildings with huge columns and thick walls. This part of a bank's security isn't hidden away, but paraded out in the open for everyone to see. This reminds customers not only that they are putting their money somewhere secure, but also that it is necessary to keep their money secure. Every time they go to the bank, they are reminded of this.

Really ?

What else is Pete Daffern going to say. The fact is that Android phones are highly susceptible to viruses and man-in-the-middle attacks: aka Zeus virus. McAfee and alike are already citing the significant increase in mobile viruses and trojans. Like the PC world, mobile is a roaring emerging target for hackers.

Face recognition on Ice Cream Sandwich works as well with your face, as it does with a photo of your face, aka it is not secure.

Finger scan enabled mobile phone will make a difference moving forward however clearly this is dependent on take-up and whether the financial sector builds the appropriate solutions to support the technology.

Bottom line, we haven't yet seen the tip of exposure and hacking on the mobile platform. It's coming.

- Biometrics and Mobile Specialist

As a technologist, I find it hard to disagree with the comments about the challenges of cyber threat nor the nascent nature of biometrics on US devices but I didn't read Pete's position as stating that mobile somehow automatically overcomes the threats associated with technology and commerce. There are, however, natural elements of a mobile platform and its use that allow us to craft a layered security approach that does provide greater security than would be normal for traditional internet banking.

By combining the greater consumer awareness provided by the "wallet like" relationship with our device, the evolving technology support for more effective lockdown of those devices with multi band communications methods (to notify the consumer of "man at the end" or "man at the middle" attacks, as well as non-mobile fraud attacks) it is possible to create a layered network of security elements that, when combined, deliver a more secure experience that is present in most online models.

We will have to continue to be vigilant and evolve the model as the threats evolve. But it should not be hard to see that mobile has some interesting advantages to create an appropriate security model which can be used to augment the overall consumer banking experience.

Clairmail CTO

Mobile devices are as susceptible to hackers if not more. How often do people loose their cell phones? I would say way more than when they loose their laptops. And on the security in. The problem with all security online is that they use an out dated methodology, username and passwords. The key to security is always a layered approach. 3-factor authentication would be one of the best methods with biometric as an additional security feature. Digital certificates using PKI(public key infrastructure) would be my suggestion. Banks will tell you that they can't guarantee you that your account want be hacked. The reason is simple, "plausible denial ability". Banks are afraid of being sued. They are simply in the business of making money. So they will do the minimum required by law to secure your login access. The only way to make them increase their security is by the "force of law". It will take an act of congress to make them conform to a more robust security methodology. And the bank lobbyist will fight that every step of the way.

- CA Administrator

Assuming you access online services your mobile phone can use all the industry standards to make the data transmission secure. If the App you are using verifies the certificate of the other party you have a secure channel (TLS) that is just as good as on your PC.

If you throw in RSA keys, session tokens and online (towards server) verification with 3 strikes your out policies you have “removed” the brute force risk.

In addition; a mobile phone gives away more data than your PC, which in turn can be used to make the communication even more secure. Where are you, what is your normal pattern when accessing the services, are you on a telco or public wifi IP etc. There is a lot of stuff that can happen behind the scenes to make mobile transactions more secure than on your PC.

Now; you are more likely to get lured into social engineering situations on your phone as its so accecible and the screen is smaller and the interaction is faster. An SMS that asks you to click a link and give away your password will happen more often on your mobile (in the future) than it now happens with phishing emails on your PC. That problem will never go away, and stupid people will get trapped as they give away sensitive information to scammers.

Mobile transactions are technically safer than on your PC as there is more and accurate data available when you connect. Technically they both support the same level of security, but the app running on your phone can use certificates and RSA keys to make it as secure as you can get it. Your PIN or Passphrase will always be a desirable thing to steal, regardless of terminal.