Bank Systems & Technology is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them. Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

News & Commentary

11:15 AM
Jonathan Camhi
Jonathan Camhi
Connect Directly

How Banks Can Leverage Mobile Network Operators for Security

Mobile network operators are starting to take steps to open up their security infrastructure for other enterprises to leverage.

Some banks are already using mobile network operators to help secure customers’ access to their accounts, says Joe DiFonzo, CTO of Syniverse, which helps connect different mobile networks worldwide. A simple example of this would be if a bank sends a short authentication code to a customer’s mobile device when they log into online banking from a new computer.

“The telco networks are pretty hard to hack and in these cases the network becomes an authentication factor,” DiFonzo explains.

In the future DiFonzo says he expects banks will be able to integrate the security of those mobile networks into their mobile banking and payments apps as well.

“When organizations work to integrate mobile networks into their mobile experience then they have all of that network’s mobile security infrastructure working for them. You’re leveraging AT&T, T-Mobile or another network to protect against hackers,” he remarks.

Although the networks have previously been a rather closed community in terms of sharing their security capabilities in this fashion, DiFonzo reports that he sees network operators opening up to this possibility lately by allowing developers to integrate the networks more into apps.

“They want to open up and prove the security benefits of connecting to their network,” says DiFonzo. “They’re looking for more revenue streams, and using their network with it’s security and guaranteed performance, which the internet doesn’t provide is one way to do that.”

I found a similar interest among telcos to offer the security of their networks when I was in Canada last month reporting on mobile payments initiatives there. The major Canadian mobile carriers banded together and formed a company called Enstream, which enabled Canadian credit card issuers to securely move their customers’ encrypted card credentials through the telcos’ networks to the SIM cards on customers’ mobile devices.

[For More On Mobile Payments in Canada, Check Out: Mobile Payments Heat Up in Canada]

The telcos created a secure element in the SIM cards to store those credentials, which they charged the issuers for, Almis Ledas, Enstream’s COO explained.

This system is not dissimilar from what the U.S. telcos have done with Isis, which also allows card issuers to get their card credentials on mobile devices. But to get their cards in the Isis wallet the issuers have to agree to allow Isis to manage those credentials. Enstream instead allows the issuer to continue to manage the credentials, and simply provides the space to store them, Ledas shared.

So the issue is trust and control. Are banks and telcos willing to trust each other and give up some control over their customers to enable new capabilities and improve security? The Canadian banks and telcos found a compromise. It remains to be seen if the same can happen in the U.S.

Jonathan Camhi has been an associate editor with Bank Systems & Technology since 2012. He previously worked as a freelance journalist in New York City covering politics, health and immigration, and has a master's degree from the City University of New York's Graduate School ... View Full Bio

Register for Bank Systems & Technology Newsletters
Bank Systems & Technology Radio
Archived Audio Interviews
Join Bank Systems & Technology Associate Editor Bryan Yurcan, and guests Karen Massey and Jerry Silva from IDC Financial Insights, for a conversation about the firm's 11th annual FinTech rankings.