
For any cave-dwelling, living-under-a-rock, head-in-the-sand, naïve, under-informed members of society who aren’t paying attention, we have serious cyber-security issues on our hands.

Black hat hackers, who break into networks to steal for financial gain, are wreaking havoc on banks, retailers, online gaming websites, and social media. Black hats cost these companies and their clients billions of dollars every year. They are using stolen usernames and passwords to transfer money through wire transfers, Automated Clearing House (ACH) and through billing fraud.

The Federal Financial Institutions Examination Council (FFIEC) has repeatedly stressed that, as of January 2012, any lagging financial institutions will be required to significantly upgrade their security protocols. Since any existing form of authentication can be compromised, the FFIEC recommends that financial institutions institute systems of “layered security.”

Previous FFIEC recommendations discussed authentication, suggesting that the security issue takes place when a user logs in. But in fact, not all the danger occurs at login. Other website integration points are vulnerable to security issues, particularly at the point when money is transferred.

According to the FFIEC’s recent update:

“Fraudsters use keyloggers to steal the logon ID, password, and challenge question answers of financial institution customers. This information alone or in conjunction with stolen browser cookies loaded on the fraudster’s PC may enable the fraudster to log into the customer’s account and transfer funds to accounts controlled by the fraudster, usually through wire or ACH transactions.”

One of the FFIEC’s recommendations for financial institutions involves complex device identification. iovation, an Oregon-based security firm, goes a step further by offering Device Reputation, which builds on complex device identification with real-time risk assessments, the history of fraud on groups of devices, and their relationships with other devices and accounts, which exposes fraudsters working together to steal from online businesses.

Smart financial institutions aren’t just complying with the FFIEC’s security recommendations, but are going beyond by incorporating device reputation into their layered security approach.

Robert Siciliano, personal security and identity theft expert contributor to iovation.

Mobile banking is on the rise for more reasons than convenience’s sake. In truth, it’s more secure than traditional online banking. Accessing your bank’s mobile website or using your bank’s mobile application is inherently more secure than using a computer.

Why?

Computers are big targets for thieves. PCs mostly run on Microsoft’s most hacked operating system, they typically contain a great deal of data, and they are vulnerable to viruses created by criminal hackers. Over the past decade criminals have learned the ins and outs of exploiting online banking using PCs. In the past 15 years or so, the desktop computer has been hacked in every possible way, making the computer and the data it contains and transmits extremely vulnerable to fraud.

Mobile banking, on the other hand, is relatively new: the operating systems vary, viruses and other malware aren’t as prevalent, and the technologies in the handsets themselves vary greatly among manufacturers.

Computers remain the “low-hanging fruit”; because they are so vulnerable, mobile phones aren’t yet as attractive a target.

The mobile carriers’ networks are more difficult to hack than your home or local coffee shop’s wireless network. Mobile carrier services like 3G have a much higher level of encryption and aren’t open like broadband internet, meaning that in most cases you can’t just jump on someone’s 3G connection.

With mobile banking there is the added benefit of additional layers of authentication, in which the account holder authorizes various transactions via text message or call backs with an additional code, making mobile banking even more secure.

As mobile banking becomes more popular, investigate it and try for yourself. You will love the convenience and appreciate the security.

Robert Siciliano, personal security expert contributor to Just Ask Gemalto.

The Federal Financial Institutions Examination Council (FFIEC), a formal government interagency body empowered to prescribe uniform principles, standards, and report forms for the federal examination of financial institutions, recently issued a supplement to the 2005 document “Authentication in an Internet Banking Environment” effective January 2012. The FFIEC has acknowledged that cybercrime is increasing and financial institutions need to increase their security and that of their customers.

Specifically the FFIEC states: “Since virtually every authentication technique can be compromised, financial institutions should not rely solely on any single control for authorizing high risk transactions, but rather institute a system of layered security, as described herein.”

This means the simple “username/password” combination for accessing your online banking is ineffective on its own. It also means banks should “adjust their customer authentication controls as appropriate in response to new threats to customers’ online accounts” and that “financial institutions should implement more robust controls as the risk level of the transaction increases.”

The FFIEC’s previous statement implies it is encouraging the use of dual customer authorization typically seen when using digital security devices including smartcards and password generating key fobs.

This is where multifactor authentication comes in. Multifactor is generally something the user knows, like a password, plus something the user has, like a smart card, and/or something the user is, like a fingerprint. In its simplest form, it is when a website asks for the four-digit security code from a credit card, or when our bank requires us to add a second password for our account.

Some institutions offer or require a key fob that provides a changing second password (one-time password) in order to access accounts, or reply to a text message to approve a transaction. All of this extra security is good for you.

Like Mom used to say, “Broccoli: like it or not, it’s for your own good.”

These measures provide layers of protection, which allow you to enjoy the convenience of online services with minimal risk. Logging in online and entering an extra code is far more convenient than schlepping all the way to the bank in person.
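As an added illustration of the layered, risk-tiered controls the FFIEC supplement describes (this is example code written for this page, not code from the article, Just Ask Gemalto, or any bank), the following Python models a key fob’s one-time password with RFC 4226 HOTP and raises the required controls as a transfer’s risk increases. The dollar thresholds, the control names, the `submitted` field names and the three-code look-ahead window are assumptions chosen for the demo.

```python
import hmac
import hashlib
import struct

# Constructed thresholds (assumption for the demo): a password alone only covers small
# transfers to known payees; the required controls grow with amount or a new payee.
OTP_LIMIT = 500.00        # at or above this, or for any new payee, require a one-time password
CONFIRM_LIMIT = 5000.00   # at or above this, also require out-of-band (text/call-back) confirmation


def hotp(secret, counter, digits=6):
    """RFC 4226 HOTP: the changing second password a key fob displays for a given counter."""
    digest = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = digest[-1] & 0x0F
    code = struct.unpack(">I", digest[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % (10 ** digits)).zfill(digits)


def required_controls(amount, new_payee):
    """Layered security: return the controls a transfer must pass, weakest first."""
    controls = ["password"]
    if amount >= OTP_LIMIT or new_payee:
        controls.append("otp")
    if amount >= CONFIRM_LIMIT:
        controls.append("out_of_band_confirmation")
    return controls


def authorize_transfer(amount, new_payee, submitted, fob_secret, fob_counter, window=3):
    """Check every required control in order and fail closed on the first one not met.

    `submitted` holds what the customer supplied: password_ok (verified upstream),
    otp (the code read off the fob) and confirmed_out_of_band (the text/call-back step).
    """
    for control in required_controls(amount, new_payee):
        if control == "password" and not submitted.get("password_ok"):
            return False, "password failed"
        if control == "otp":
            typed = submitted.get("otp", "")
            # Accept the current counter plus a small look-ahead (the fob may have been
            # pressed without logging in); compare in constant time to avoid leaking matches.
            if not any(hmac.compare_digest(typed, hotp(fob_secret, fob_counter + i))
                       for i in range(window)):
                return False, "otp rejected"
        if control == "out_of_band_confirmation" and not submitted.get("confirmed_out_of_band"):
            return False, "awaiting confirmation"
    return True, "approved"
```

The HOTP routine reproduces the RFC 4226 test vectors (secret `12345678901234567890`, counter 0 gives `755224`), so it can be checked against any standards-conforming fob.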

Robert Siciliano, personal security expert contributor to Just Ask Gemalto.

Nielsen reports “We are just at the beginning of a new wireless era where smartphones will become the standard device consumers will use to connect to friends, the internet and the world at large. The share of smartphones as a proportion of overall device sales has increased 29% for phone purchasers in the last six months; and 45% of respondents indicated that their next device will be a smartphone.”

Mobile users have recently captured the attention of cyber criminals. The Department of Homeland Security and the STOP. THINK. CONNECT. program recommend the following tips to help you protect yourself and to help keep the web a safer place for everyone.

You can protect yourself from cyber criminals by following the same safety rules you follow on your computer when using your smartphone. These rules include:

Access the Internet over a secure network: Only browse the web through your service provider’s network (e.g., 3G) or a secure Wi-Fi network.

Be suspicious of unknown links or requests sent through email or text message: Do not click on unknown links or answer strange questions sent to your mobile device, regardless of who the sender appears to be.

Download only trusted applications: Download “apps” from trusted sources or marketplaces that have positive reviews and feedback.

Be vigilant about online security: Keep anti-virus and malware software up to date, use varying passwords, and never provide your personal or financial information without knowing who is asking and why they need it.

Don’t jailbreak an iPhone: Most of the infections that have plagued iPhone users occur when the phone is jailbroken. Jailbreaking is the process of removing the limitations imposed by Apple on devices running the iOS operating system. Jailbreaking allows users to gain full access (or root access) to the operating system, thereby unlocking all its features. Once jailbroken, iOS users are able to download additional applications, extensions and themes that are unavailable through the official Apple App Store. Jailbroken phones are much more susceptible to viruses once users skirt Apple’s application vetting process, which ensures virus-free apps.

Robert Siciliano, personal security expert contributor to Just Ask Gemalto.

We’ve heard this story before, but unfortunately it happens over and over again. Social media and dating sites are overrun with criminals who pose as legitimate, upstanding individuals, but are really wolves in sheep’s clothing.

In Florida, a man named Martin Kahl met a 51-year-old woman and they developed an online romance. A quick search for the name “Martin Kahl” turns up many men with the same name and no obvious signs of trouble.

This particular Martin Kahl told his online girlfriend that he would soon be working in Nigeria (red flag) on a construction project, but a short time later he informed her that the job had fallen through. He cried poverty and asked her to send him money, which she did.

(If there are people in your life who might be prone to falling for a scam like this, please reel them in immediately. Any of their financial transactions ought to require a cosignatory.)

Anyway, during their affair, Kahl claimed he had been arrested (red flag) on some bogus charge, and requested that the woman bail him out to the tune of $4,000, which she most likely paid via money wire transfer (red flag).

All told, she sent the scammer at least $15,000 during their relationship. Sadly, social media sites can do more to protect their users, and should take advantage of information that already exists for them to use: the known reputations of over 650 million devices in iovation’s device reputation knowledge base. Computers that are new to the social networks dealing with scammers and spammers are rarely new to iovation. It has seen these devices on retail, financial, gaming or other dating sites and can help social sites know in real time whether to trust them.

In the case above, the phone numbers used in the scam were traced overseas. The computer or other device the scammer used to go online could surely also have been traced overseas and could have been flagged for many things: hiding behind a proxy, creating too many new accounts in the social network, device anomalies such as a time zone and browser language mismatch, a past history of online scams and identity theft, and the list goes on. Scammers in countries such as Ghana, Nigeria, Romania, Korea, Israel, Colombia, Argentina, the Philippines, or Malaysia conduct many of these scams, spending their days targeting consumers in the developed world.
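The device signals listed above can be turned into a scoring rule that decides whether a connecting device is allowed, challenged or refused, and whether an account is linked to a bad device. The Python below is an added example written for this page, not iovation’s product or algorithm; the weights, thresholds, expected time-zone table, device records and account-to-device map are all constructed for the demo.

```python
# Expected UTC offsets (minutes) for an IP country; constructed for the demo, a real
# service would use a full geolocation database.
EXPECTED_TZ = {"US": {-300, -360, -420, -480}, "GB": {0, 60}, "NG": {60}, "RO": {120, 180}}

# Assumed weights per anomaly and the new-account velocity that counts as abusive.
WEIGHTS = {"proxy": 2, "account_velocity": 3, "timezone_mismatch": 2,
           "language_mismatch": 1, "prior_fraud": 4}
VELOCITY_LIMIT = 5

# Constructed device records as a site might capture them at sign-up or login.
DEVICES = [
    {"id": "dev-A", "ip_country": "US", "lang": "en-US", "tz": -300, "proxy": False,
     "new_accounts_24h": 1, "fraud_reports": 0},
    {"id": "dev-B", "ip_country": "US", "lang": "ro-RO", "tz": 120, "proxy": True,
     "new_accounts_24h": 6, "fraud_reports": 0},
    {"id": "dev-C", "ip_country": "GB", "lang": "en-GB", "tz": 60, "proxy": False,
     "new_accounts_24h": 0, "fraud_reports": 3},
]

# Which devices each account has been seen on (constructed), for the relationship check.
ACCOUNT_DEVICES = {"alice": {"dev-A"}, "bob": {"dev-B", "dev-C"}, "carol": {"dev-C"}}


def assess_device(d):
    """Flag the anomalies the text lists and turn them into a score and a decision."""
    flags = []
    if d["proxy"]:
        flags.append("proxy")
    if d["new_accounts_24h"] >= VELOCITY_LIMIT:
        flags.append("account_velocity")
    # An IP country missing from the table is treated as plausible rather than penalised.
    if d["tz"] not in EXPECTED_TZ.get(d["ip_country"], {d["tz"]}):
        flags.append("timezone_mismatch")
    if d["lang"].split("-")[-1].upper() != d["ip_country"]:
        flags.append("language_mismatch")
    if d["fraud_reports"] > 0:
        flags.append("prior_fraud")
    score = sum(WEIGHTS[f] for f in flags)
    decision = "deny" if score >= 5 else "challenge" if score >= 2 else "allow"
    return {"id": d["id"], "score": score, "flags": flags, "decision": decision}


def assess_all(devices=DEVICES):
    """Map device id -> assessment for every record."""
    return {r["id"]: r for r in map(assess_device, devices)}


def account_risk(account, assessments):
    """An account inherits the worst decision of any device it has used, so a clean-looking
    account that shares a device with a known-bad one is treated as linked to it."""
    rank = {"allow": 0, "challenge": 1, "deny": 2}
    worst = "allow"
    for dev in ACCOUNT_DEVICES.get(account, ()):
        if rank[assessments[dev]["decision"]] > rank[worst]:
            worst = assessments[dev]["decision"]
    return worst
```

With the sample records, dev-B trips four of the five flags and is refused outright, while carol is challenged only because her single device carries prior fraud reports.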

Social media sites could protect users by incorporating device identification, device reputation, and risk profiling services to keep scammers out. Oregon-based iovation Inc. offers the world’s leading device reputation service, ReputationManager 360.

Robert Siciliano, personal security and identity theft expert contributor to iovation.

Mobile payment has been around for years in numerous forms, for purchases such as downloading music, ringtones and various other services, and is now gaining traction for retail purchases in the U.S. But its implementation in the U.S. is a bit slower due to a lack of standardization of payment methods and the overall security concerns of mCommerce. Some consumers in the U.S. have had bad experiences with criminal hacking and data breaches and are concerned about their security. They are waiting for the various handset manufacturers (those who make the phones), mobile carriers (those who provide mobile service) and third-party technology providers (those who make the technology facilitating financial transactions) to agree on standardization leading to more secure transactions.

However, in Japan and South Korea, for example, mobile penetration has been much higher for many years, and many people don’t own, and have never owned, PCs (or been hacked), as they function purely from mobile devices. Security hasn’t been as much of a concern. It’s a perfect example of “ignorance is bliss.”

Consumers in the U.S. overwhelmingly want mobile payment. A recent study by Mobio showed “49 percent of Americans said they’ve used their mobile phones to make a payment or purchase in the past three months. And 77 percent of the 1,085 respondents in North America said they would be interested in using their mobile phones to make a payment or purchase. The response was higher — 84 percent — in the 35 to 44 year old age group and among Canadians (86 percent versus 72 percent of U.S. respondents).”

Near Field Communication (NFC), the engine behind mobile payments, comes in a variety of forms, and there are multiple players trying to make theirs the standard. Bank Systems & Technology reports that the disagreements involve banks, credit card companies and the third-party technologies all coming together with mobile carriers. The mobile carriers want to control near-field communication and mobile payment fees by maintaining control over the phone’s payment technology containing their users’ credentials. Mobile carriers see the devices they support as revenue generators that should grant them per-transaction mobile payment fees.

Meanwhile, consumers crave mobile payment and must adapt until the big guys fight it out to see who ends up top dog. However, because there is a relatively low security risk in mobile payment, consumers stand to benefit by trying out and adopting the various methods presented. I frequently use two or three methods, such as the PayPal app, which allows me to send and receive payments, and Square, which allows me to make and receive credit card payments on the spot. I find both convenient and fun!

Robert Siciliano, personal security expert contributor to Just Ask Gemalto.

The ticker tape of data breaches in the last few months has been astounding. Many have called 2011 “The Year of The Hacker,” and that prognostication has rung true, without question. Halfway through the year, data breaches are an incessant news story.

And despite the constant stream of bad news, consumers continue divulging a tremendous amount of data to retailers, auction sites, dating sites, and gaming sites. While awareness of fraud and cybercrime is at an all time high, consumers seem to feel they don’t have much of a choice but to provide all their data.

People have grown to love the Internet and all the conveniences it offers, both commercially and socially. In my household, little people under five years old whack away at online iPhone games, never knowing what it’s like not to have the Internet.

Many seem to feel that their privacy is the price they must pay for all this connectedness and convenience, and are even willing to put their personal security at risk in exchange.

Scammers know and are capitalizing on this. There isn’t an online gamer, dater, social networker, or consumer today who isn’t at some level of risk.

While all necessary defenses must be employed to prevent hackers from compromising data, an additional layer of protection should be implemented to keep them off websites in the first place.

Every one of these platforms would do well to stem the tide of fraud by incorporating device reputation. One anti-fraud service offering fast and effective results is iovation’s ReputationManager 360. This service incorporates device identification, device reputation, and real-time risk profiling. Hundreds of online businesses prevent fraud and abuse by analyzing the computer, smartphone, or tablet connecting to their websites, and with iovation’s service, they stop 150,000 online fraudulent activities each day.

Robert Siciliano, personal security and identity theft expert contributor to iovation.

1. Realize that you can become a victim at any time. Not a day goes by when we don’t hear about a new hack. With 55,000 new pieces of malware a day, security never sleeps.

2. Think before you post. Status updates, photos, and comments can reveal more about you than you intended to disclose. You could end up feeling like some silly politician as you struggle to explain yourself.

3. Nothing good comes from filling out a “25 Most Amazing Things About You” survey. Avoid publicly answering questionnaires with details like your middle name, as this is the type of information financial institutions may use to verify your identity.

4. Think twice about applications that request permission to access your data. You would be allowing an unknown party to send you email, post to your wall, and access your information at any time, regardless of whether you’re using the application.

5. Don’t click on short links that don’t clearly show the link location. Criminals often post phony links that claim to show who has been viewing your profile. Test unknown links at Siteadvisor.com by pasting the link into the “View a Site Report” form on the right-hand side of the page.

6. Beware of posts with subjects along the lines of, “LOL! Look at the video I found of you!” When you click the link, you get a message saying that you need to upgrade your video player in order to see the clip, but when you attempt to download the “upgrade,” the malicious page will instead install malware that tracks and steals your data.

7. Be suspicious of anything that sounds unusual or feels odd. If one of your friends posts, “We’re stuck in Cambodia and need money,” it’s most likely a scam.

8. Understand your privacy settings. Select the most secure options and check periodically for changes that can open up your profile to the public.

9. Geolocation apps such as Foursquare share your exact location, which also lets criminals know that you aren’t home, so reconsider broadcasting that information.

10. Use an updated browser. Older browsers tend to have more security flaws.

11. Choose unique logins and passwords for each of the websites you use. I’m a big fan of password managers, which can create and store secure passwords for you.

12. Check the domain to be sure that you’re logging into a legitimate website. So if you’re visiting a Facebook page, look for the www.facebook.com address.

13. Be cautious of any message, post, or link you find on Facebook that looks at all suspicious or requires an additional login.

14. Make sure your security suite is up to date and includes antivirus, anti-spyware, anti-spam, a firewall, and a website safety advisor.

15. Invest in identity theft protection. Regardless of how careful you may be or any security systems you put in place, there is always a chance that you can be compromised in some way. It’s nice to have identity theft protection watching your back.

Robert Siciliano is a McAfee consultant and identity theft expert.
