Over the past 15 years, the increasingly rapid evolution of technology has resulted in new computers or mobile phones becoming outdated in a matter of one or two years. Chances are, you’ve gone through no less than ten digital devices in the past decade, if not more. It has become standard practice to upgrade to a newer device and often sell, donate, or discard the old one. Or you’ve received a new computer or mobile phone for a holiday gift and need to get rid of the old one.

What did you do with all of your old devices? Some may be in your basement, others were given away, and you might have hocked a few on eBay or Craigslist. Did you know it is very likely that you inadvertently put all of your digital data in someone else’s hands if you no longer have the device?

I recently bought 20 laptops, desktops, netbooks, notebooks, tablets, Macs, and mobiles through Craigslist, all from sellers located within 90 minutes of my home. Of the 20, three of them had never been wiped, meaning that I bought the devices exactly as they once sat on someone’s desk. The original owners had made no effort to clean out the data, which meant that I was able to access the records of their entire digital lives. 17 of the devices had been wiped, meaning that the seller took the time to reformat or reinstall the operating system. Of the 17 wiped drives, seven contained remnants of the previous users’ digital lives. Despite the effort made to reformat or reinstall the operating systems, there were partitions and leftover data on the drives.

After having spent the past few months working with a forensics expert, I’ve come to the conclusion that even if you wipe and reformat a hard drive, you may still miss something. IT professionals tasked with data destruction use “wiping” software, and you can too. But after what I’ve seen, more needs to be done. This means external and internal drives, thumb drives, SD cards, and anything else that stores data really should be destroyed.

So whether you destroy an unwanted drive with a sledgehammer, or use a drill press to turn it into swiss cheese, or use a hack saw to chop it into pieces, and then drop those pieces into a bucket of salt water for, oh, say a year, just to be safe, for your own good, don’t sell it on eBay or Craigslist.

Robert Siciliano is an Online Security Evangelist to McAfee. 

mCommerce, or mobile commerce, refers to financial transactions conducted via smartphones or other mobile devices. But are mobiles really meant for financial transactions?

While about a third of mobile phone users remain unwilling to dabble in mCommerce due to identity theft concerns, the majority of users are apparently comfortable making purchases with their phones, just as they would with a PC.

mCommerce’s strength is the variation between mobile operating systems and handset technologies from different manufacturers, which makes it difficult for criminals to create and distribute mobile malware. Additionally, mobile carriers’ networks have higher levels of encryption, making it more difficult for a hacker to access a 3G connection, for example.

Handset manufacturers, application developers, and mobile security vendors continue working to improve mobile security. Banks are offering a consistent sign-on experience for both their online and mobile channels, including multifactor authentication programs for mobile.

Consumer Reports estimates that almost 30% of Americans that use their phones for banking, accessing medical records, and storing other sensitive data do not take precautions to secure their phones.

Download a mobile security product such as McAfee Mobile Security. This is particularly crucial for Android users, as Androids tend to be more vulnerable to attacks.

Use your carrier’s 3G connection to send sensitive information, rather than Wi-Fi.

Use your bank’s dedicated mobile application, rather than accessing their main website via mobile device.

Set your device to lock automatically after a set period of time.

Invest in software that can remotely lock, locate, and wipe a missing mobile.

Robert Siciliano, personal security expert contributor to Just Ask Gemalto. 

A colleague with a small business was cleaning out his warehouse of tools and supplies and decided to list many items on Craigslist. I have lots of experience in this process and I can tell you “It’s always something”.

An application called “CraigsPro” allows you to go through your items snapping pictures and creates a simple Craigslist advertisement within a minute.

One item he was selling was a portable generator. He got the following email and sent it to me:

“Thanks for the prompt response,i will like to proceed with the transaction asap and my mode of payment will be via Bank certified check. However, to ease the pick up the item will be picked-up from you by my shipper once you receive and cash the check,i am willing to wait for your bank to verify and clear the check before the shipper pickup the item therefore I’ll need this detail below to mail out the check.

* The Full name on check
* Mailing address (Deliverable Address)
* Phone Number

Proceed to delete the advert of this item if my mode of payment is accepted and get back to me asap with your details to mail out the certified check to you.

Thanks

Keith”

My friend responded with his address for the “buyer” to send a check. Within 3 days via Federal Express an actual check came in the mail for hundreds of dollars more than the item was listed for. The additional dollars were supposed to pay for the shipping costs.

If my friend were to deposit the bogus check, the funds would have shown in his account within a few days, thereby prompting him to mail out a business check to the Craigslist scammers. But once the check was determined a fake by the issuing bank, the funds would have been removed from his small business account.

To prevent overpayment scams, never fall for advance-fee shipping scams. They are so obvious.

Robert Siciliano personal and small business security specialist to ADT Small Business Security.

It’s Tuesday morning after a long weekend, the bookkeeper comes in a little late but hits the books right away. She comes into your office and asks you about a series of wire transfers you made over the holiday weekend to new employees who apparently live overseas. And then your heart sinks. Because you have heard about how small business bank accounts are hacked, but didn’t think it would happen to you.

It’s happening to the tune of around 1 billion dollars a year. Small business bank accounts are being hacked and the banks are pointing the finger at their customers. Why? Because in many cases there are no actual data breaches at the banks. Cybercrime is often taking place right in the small businesses’ offices, on their own PCs.

Bloomberg reports “Organized criminal gangs, operating mostly out of Eastern Europe, target small companies, school districts and local governments that maintain fat commercial bank accounts protected by rudimentary security measures at community or regional banks. The accounts typically aren’t covered by insurance as individual accounts are.”

However one bank fought back and won. iovation reports “one Michigan judge recently decided in favor of Comerica Bank customers, holding the bank responsible for approximately $560,000 out of a total of nearly $2 million in unrecovered losses. A copy of the bench decision is available from Pierce Atwood LLP, and the firm also outlines significant highlights and observations regarding this cybercrime case.

Small businesses are under siege today and must know their bank accounts are being targeted by cyber-thieves. One solution is certainly a secure IT infrastructure and another, in some cases, may be moving to a bigger bank. Some smaller banks simply can’t handle the loss, whereas bigger banks may have the resources to absorb them. If you bank with a small bank, now is the time for a heart-to-heart talk.

Robert Siciliano personal and small business security specialist to ADT Small Business Security.

As consumers have overwhelmingly flocked to purchase smartphones—149 million were shipped in Q4…a 37% increase over Q4 2010—mobile operating systems from the likes of Apple, Google, and Microsoft are becoming big targets.

Malware, which consists of viruses, spyware, scareware, and other digital infections designed to steal data, is known to be a serious issue for PCs. And in response, there are complete security solutions that include antivirus, anti-spyware, anti-phishing protection, anti-spam and firewall protection. As smartphones gradually eclipse PCs in usage volume, criminals will direct their malware efforts toward mobile devices. But at present, the world of mobile security offers very few options.

According to McAfee Labs™, “nearly all the types of threats to desktop computers that we have seen in recent years are also possible on mobile devices (parasitic viruses may be a notable exception for modern mobile OS’s, more on this below). Moreover, we are bound to see threats readapted to mobile environments and, unfortunately, we are also likely to see new kinds of malware that target smartphone capabilities that are not available on desktops.”

Now would be a good time to install a mobile security product on your smartphone.

Robert Siciliano is an Online Security Evangelist to McAfee. 

NFC is an acronym for near field communication, a wireless technology that allows devices to talk to each other. In the case of a mobile wallet application, those devices would be a mobile phone and a point of sale device at a checkout counter.

USA Today reports that the number of NFC handsets is set to increase from about 34 million this year to about 80 million next year. Gartner estimates that growth in handsets will exceed 100 million in 2012, and that 50% of smartphones will have NFC capability by 2015.

The short list of big players, which includes Google, Citibank, MasterCard, Gemalto, First Data, VeriFone, Samsung, Sprint, AT&T, T-Mobile, Verizon and Isis, are all deploying some version of a mobile wallet. Isis’s website promises, “Mobile wallet will eliminate the need to carry cash, credit and debit cards, reward cards, coupons, tickets, and transit passes, fundamentally changing how you shop, pay, and save. All with your phone.” And all powered by NFC.

NFC can also be used to connect online gamers. Within social networking websites, NFC can facilitate the distribution of coupons that can be scanned at in-store terminals.

Soon, we will see online retailers embrace the potential benefits of NFC in order to create effective loyalty programs, supported by online advertising and social media campaigns.

With full deployment, near field communication will make every day transactions incredibly convenient. If you think your cell phone is your everything today, wait until you see what’s coming next!

Robert Siciliano, personal security expert contributor to Just Ask Gemalto.

Security Alarm System: No matter what kind of business you are in, there is something of value within your facility that a criminal will fence for drugs. Everything from products you sell, to warehouse items, maintenance tools, phone systems, office furniture, computers and the company safe.

Security Cameras: Whether you are protecting the perimeter of the property from vandals or thieves or protecting the inventory from theft, or even the cash register from sweethearting or robbery, security cameras are an essential component to any small business security system.

Business Continuity: Having a data backup locally is essential. Having a data backup in the cloud is fundamental. And having a backup for all your network operations either at a remote facility or accessible in the cloud is an insurance policy no small business should do without.

Secure Information Technology: A comprehensive information security plan that involves encrypting all sensitive data, ongoing critical security patches, antivirus protection, antispyware, firewalls (both software and hardware) and a secure Internet gateway are critical to preventing costly data breaches.

Secure Mobile Fleet: Managing digital devices such as mobile phones, tablets, thumbdrives and any other portable device that stores or communicates data can be the equivalent of herding cats if not done right. IT managers must have security policies in place to deal with and manage devices attached to the network in some way. Many security vendors provide comprehensive solutions to keep track of, lock down, and secure devices.

Robert Siciliano personal and small business security specialist to ADT Small Business Security.

Puneet Kapoor answered a series of questions written by marcus evans before the forthcoming 5th Annual Enterprise Risk Management Conference, March 19-21, 2012 in Chicago, IL. All responses represent the view of Mr. Kapoor and not necessarily those of Walgreens.

What value does the risk management process add to Management’s decision making process?

PK: Decision making is an exercise of making choices. When evaluating choices to make the most appropriate decision, one has to weigh the risks and rewards for each of those choices. A sound risk identification & prioritization process enables management to weigh their choices for their respective impacts sufficiently to ensure they take the optimal level of risk for the sought after rewards.

Management decision making is influenced by the risk management in several ways. Some of them include:

  • The risk management process allows for identification of systemic risks that aren’t always apparent unless evaluated across various business units, functions and operational silos across the company.
  • It allows for identification of the risks’ impact horizon being current or emerging. Every organization is different, but to keep things simple, one can argue that risks impacting the company’s operations in its current fiscal year would be deemed current and those beyond it as emerging, so appropriate business decision adjustments could be made.
  • It helps identify the risk appetite and tolerance for the organization which in turn enables management to formulate more balanced business and financial plans
  • It helps in formation of risk adjusted goals and objectives for management which are often tied to performance objectives.

An effective risk management process allows for more effective decision making by management with the likelihood of achieving their desired results maximized. It is not meant to create a brick wall for management to operate within, but more of recommended parameter within which to operate. Business situations may occur that may require one to go outside of their risk appetite or tolerance from time to time.

Risk management and its value to management decision making should be viewed holistically to see its overall value in driving a culture of risk awareness and sharper & more balanced decision making, maximizing the likelihood of achieving results management is trying to achieve.

How can management be certain that they are making the best possible decision in the immediate and long term?

PK: Unless someone has the unique ability to see the future, decision making process will always have a level of uncertainty. Thus one can only be reasonably sure and astute in their decision making process taking the most optimal level of risks and rewards instead of seeking certainty.

Decision making depends on several inputs, including risks, where the organizational decisions should be aligned to its strategy and its strategy aligned with its objectives. The decision making process should, however, be agile and conducive to in-route re-calibrations, as needed. As in any business, there is a constant change of business and risk drivers internally and externally to which one needs to be able to adapt and still be in pursuit of the intended strategic objectives. Furthermore, integrating the risk management process into the strategic planning process allows for the organization to consider the current and emerging risks, evaluate the strengths, weaknesses, opportunities and threats facing the organization, in light of those noted risks and develop the appropriately balanced strategy. Additional inputs into a balanced decision making process may include strategic risk scenario planning, resource availability, shareholder/investor expectations, market conditions, financial considerations, regulatory environment, ability to execute etc.

The goal is to make decisions that are in the best interest of maximizing short term profitability with long term shareholder value considering the current and emerging risks.

What is the role of the Board of Directors in the risk management process?

PK: The Board of Directors exercises oversight over the Company’s strategic, operational and financial matters, including the elements and dimensions of major risks facing the Company. The Board administers its risk oversight function as a whole and through its Board Committees, and the processes it uses to assess and monitor risks include the following:

The Board meets regularly to discuss the strategic direction, operating performance and the issues and opportunities facing Walgreens in light of trends and developments in the healthcare and retail industries and general business environment. In addition, throughout the year, our Board and Board Committees provide oversight and guidance to management regarding our strategy and operating plans. The Company has also implemented an Enterprise Risk Management (“ERM”) process under the direction of management’s Risk Steering Committee. The ERM approach helps the Board and Board committees to receive relevant information about and understand the Company’s risk management process, the participants in the process, and key information gathered through the process. The purpose of the ERM process is to identify risks that could affect the Company and the achievement of its strategic objectives, to understand, rate and prioritize those risks, and to facilitate the implementation of risk mitigation strategies and processes across the Company. The key risks identified through this process are reviewed with the full Board of Directors.

In accordance with its charter, the Audit Committee reviews the Company’s policies and processes with respect to enterprise risk assessment and risk management as well as financial risk assessment and risk management. The Company’s Treasurer, as chair of the Risk Steering Committee, Director of Internal Audit and Chief Compliance Officer all have direct reporting responsibilities to the Audit Committee.

On a quarterly basis, the Audit Committee reviews and discusses the key risks identified in the ERM process with management, their potential impact on our Company and our risk mitigation strategies. In the regular meeting of each of the other standing Board committees, those committees oversee management of risks relating to the applicable committee’s areas of responsibility. For example: the Compensation Committee reviews risks associated with the design and implementation of our compensation plans and arrangements; the Nominating and Governance Committee reviews risks incident to the Company’s governance structures and processes including, among other topics, Board succession planning; and the Finance Committee oversees key aspects of our financial risk management activities, including market and operating risks.

Puneet Kapoor is the Director of Enterprise Risk Management (ERM) at Walgreen Co (“company”). In his current role, Puneet has the responsibility to oversee the entire company’s ERM process with reporting responsibilities to the company leadership, the Risk Steering Committee and, through the Treasurer of the company, to the Audit Committee and the Board of Directors. Prior to his current role, Puneet managed company’s internal audits of its healthcare business.

For more information please contact Michele Westergaard, Marketing/PR Coordinator, marcus evans at 312-540-3000 ext. 6625.

About marcus evans

marcus evans conferences annually produce over 2,000 high quality events designed to provide key strategic business information, best practice and networking opportunities for senior industry decision-makers. Our global reach is utilized to attract over 30,000 speakers annually, ensuring niche focused subject matter presented directly by practitioners and a diversity of information to assist our clients in adopting best practice in all business disciplines.
