And standard methods of user ID authentication become primitivewith this jump, a Forrester Research analyst said, at the same timeas demands for robust and commercial services will require moresecure entry ports into mobile systems.
|"To be trustworthy, mobile transactions need to be secure, whichrequires that customers be rigorously identified andauthenticated," said the think firm's Bill Nagel.
|Nagel and his team of Forrester analysts see the future ofmobile security via subscriber identity module card-based, versusnetwork-driven, mobile signature authentication.
|This method of authentication (SIM) is already doing wonders inFinland due its capability to generate identity-dependentauthentication, Nagel said in a report. Still, this method ofsecurity--while easy to use--remains difficult to implement, hesaid.
|The alternatives, however, might warrant the time investment.Current methods rely highly on device-specific operating systemsand interfaces, simultaneously creating user interface and securitynightmares, the Forrester report said. Those concerns aremultiplied by the number of devices and carriers accessing themobile Web.
|The preferred implementation of SIM-based security lies inPKI-based (public key infrastructure) certificates stored on adevice's SIM card. These security authenticators allow individualmobile users to acquire unique digital signatures even for sitesand applications being accessed for the first time.
|"Digital certificates issued to a reliably identified person notonly allow customers to authenticate themselves to a serviceprovider like a bank, thus securing the mobile transaction, butenables the delivery of new features and services like credit andloan applications, all over the air on a mobile handset," Nagelsaid.
|This wireless PKI, or WPKI, method has a distinct advantage overexisting authentication systems, the Forrester report said. Sincedigital certificate generation is SIM-card driven, identityinformation is transferred via secure short message service (SMS)text applications, not potentially vulnerable smartphone software.Due to the efficiency of SMS exchanges, Nagel said he believes thelikelihood of identity breach to be far lower than viasmartphone-driven systems.
|There is, however, yet another catch. Banks and credit unionsare not familiar with WPKI or how to integrate it with existingbanking systems, the Forrester analyst said. Some banks in Asia andEurope have even turned to creating their own WPKI systems toovercome this obstacle.
|Moreover, there is a technological learning curve inherent usinga WPKI authentication system, making this transition a potentiallydifficult one for end users, the Forrester report said. There'salso a simultaneous issue of device and carrier churn, creating aconstant need to update existing WPKI systems to match.
|Despite these obstacles, Nagel sees WPKI as a win-win situationfor both institution and consumer. "Mobile signature commercialarrangements generally allow banks to do what banks do best:provide secure credentials and facilitate financial transfers."
|Complete your profile to continue reading and get FREE access to CUTimes.com, part of your ALM digital membership.
Your access to unlimited CUTimes.com content isn’t changing.
Once you are an ALM digital member, you’ll receive:
- Critical CUTimes.com information including comprehensive product and service provider listings via the Marketplace Directory, CU Careers, resources from industry leaders, webcasts, and breaking news, analysis and more with our informative Newsletters.
- Exclusive discounts on ALM and CU Times events.
- Access to other award-winning ALM websites including Law.com and GlobeSt.com.
Already have an account? Sign In
© 2024 ALM Global, LLC, All Rights Reserved. Request academic re-use from www.copyright.com. All other uses, submit a request to [email protected]. For more information visit Asset & Logo Licensing.
