"There is nothing that can be done to stop attacks happening once mobile devices become viable mechanisms for financial transactions. However, this somewhat pessimistic verdict is not a reason for financial institutions to shun mobile transaction services," the Aite Group analyst says in a new report.

"On the contrary, the opportunity is so great that it would be extremely foolish for them to do so. The emerging mobile transaction channel will suffer from fraudulent attacks but, as with online banking and e-commerce, the end user will become increasingly adept at filtering legitimate from fake, and the channel will evolve trust mechanisms that aid the customer in this process," he says.

The key is for financial institutions to get started early, to shorten the learning curve for providers and consumers alike, which Holland says "will lessen the exposure to mobile fraud when it does occur."

"End-user trust in the mobile channel will be driven by experienced and savvy financial institutions that are capable of anticipating the threats that lay around the corner," he says.

That said, mobile banking also must overcome some other barriers for widespread adoption. Just recall the failure of the first iteration of mobile banking several years ago, efforts plagued by balky software and slow data transfers.

Although the new software and devices are far faster and more facile, the most robust of current banking solutions do little to distinguish themselves from Internet-based offerings, Holland argues, leaving little incentive for a mobile customer to opt for the smaller screens and watered-down version of banking easily accessible from any laptop or desktop PC.

Still, Holland argues, these weaknesses will soon give way to what he calls "Mobile Banking 2.0," a robust collection of banking solutions far beyond existing packages. As a result, 75% percent of mobile Internet users, says Holland, will be regular mobile bank customers by 2010.

Of the eight banking vendors Aite Group surveyed earlier this year, all already offer intra-bank fund transfers, bill payment, and wireless peer-to-peer (P2P) transfers. In three years' time, all eight likewise aim to augment these services with contactless payments, electronic couponing, over-the-air (OTA) card provisioning, and mobile commerce.

"With these services, the mobile phone becomes an analog for both the physical-world wallet and the online-world payment portal," Holland argues.

Along with such potency, however, come an equal number of challenges. Arguably the greatest, according to Holland, lies in changing user perceptions about cellphone use in general.

"Mobile subscribers will find it initially difficult to think of their phone as analogous to a wallet or credit card. An attitude shift will be required before end-users see the mobile phone as having value beyond its physical worth."

Such value comes with security risks in tow. Increased access equates to greater entrees by hackers, as mobile phones operate on robust cellular networks featuring voice, SMS, MMS, e-mail, Web browsing and instant messaging capabilities. All are potential gateways for hackers into mobile banking user data, analysts say.

The lack of standardization both among mobile carriers and phones only exacerbates this problem. Malware–customized software viruses now primarily targeted at PCs–can find similar homes on mobile devices, rendering them useless. Without standardization, identifying stopping such viruses is no small feat.

The same parallel exists via email phishing scams, where, by some estimates, 84% specifically target financial institutions. These scams, says Holland, would be a natural fit for mobile devices.

Unfamiliarity in this case can breed vulnerability, the Aite Group analyst says, as new software and security measures, along with new displays, could create a vulnerable end user.

But, Holland points out, this same lack of standardization is arguably mobile software's greatest defense. Most mobile banking software relies on customized, downloadable Java-powered applications. These applications are registered to a lone user, backed by several layers of additional security unique to that person plus device.

In sum, Holland and Aite Group suggest financial institutions take an aggressive approach to mobile banking's next phase. Such an approach will shorten the learning curve and educate consumers to spot fraud attempts if and when they occur.

–[email protected]