Saturday, November 27, 2021

Wireless security getting better: Analysts

Security for wireless banking transactions does have its weaknesses, but banks and users can bolster security protections, analysts say.

“Security is not a reason to slow down growth of wireless banking, but it is a responsibility of the (banks) to continually improve so they don’t get embarrassed by loss of (personal identification numbers) or passwords,” says Alan Paller, director of research at the SANS Institute in Bethesda, Md.

Paller and two other analysts say that wireless transactions are vulnerable to hacks at the Wireless Application Protocol (WAP) gateway server, which sits at the site of the wireless carrier today.

The current WAP standard, WAP 1.1, “leaves much to be desired,” but WAP 1.2 is “much better” for security, says Alan Reiter, an analyst at Wireless Internet and Mobile Computing in Chevy Chase, Md.

WAP 1.2 will be updated later this year, allowing wireless carriers to transport encrypted wireless data through the gateway and out to the desired Web site, such as a bank. Today, that encryption is dropped momentarily as the data is converted from WAP to the wired world, analysts say. Even that moment is enough time for a skilled hacker to retrieve such data as credit-card numbers and passwords, analysts say.

When WAP 1.2 is more fully implemented, the gateway server can be placed at a bank’s premises, which is more secure than at the phone company’s premises, says John Pescatore, an analyst at Gartner Group Inc. in Stamford, Conn.

Pescatore, Reiter and banks say something more than a user name and a password should be required to authenticate smart phones or personal digital assistants. For a company treasurer, two smart cards that interact with a wireless device to authorize a money transfer of great value might be necessary, Pescatore said.

Would you recommend this article?

Share

Thanks for taking the time to let us know what you think of this article!
We'd love to hear your opinion about this or any other story you read in our publication. Click this link to send me a note →

Jim Love, Chief Content Officer, IT World Canada

Related Tech News