Wireless Security Still in its Infancy

Jan. 31, 2005 — -- More Americans than ever are using mobile technology, from sophisticated cell phones to hand-held personal digital assistants to laptop computers. And millions of people now do their banking online. But the convergence of these trends raises a key question: Is your money safe in the wireless world?

After all, wireless banking -- as opposed to online banking performed through a personal computer wired to the Internet -- could offer even more convenience for consumers. But using a cell phone or PDA, or a wireless connection for a laptop, introduces a brand new set of security issues into the banking arena.

Despite some enthusiastic forecasts from technologists, the adoption of wireless banking has been a gradual process -- perhaps in part due to the security concerns. About 1.5 million adults made banking transactions using a "smart" cell phone or PDA in the last year, according to Gartner Inc., a technology research firm in Stamford, Conn. That represents a little less than 1 percent of all transactions with financial institutions.

Still, as smart cell phones proliferate -- research firm IDC of Framingham, Mass., projects U.S. sales will increase from nearly 5 million in 2004 to 35 million by 2008 -- the range of banking services available online seems likely to increase as well, as most major banks have introduced wireless initiatives within the last five years.

The most common current use for wireless banking appears to be consumer alerts -- messages notifying customers about things such as their account balances, lists of transactions, updates about the stock market or portfolio summaries. Wachovia, the nation's fourth-largest bank, based in Charlotte, N.C., sends out 1.9 million alerts to customers every day. Of these, 30 percent are viewed on wireless devices.

Still, industry observers note wireless banking has its limitations -- or at least will until the day someone invents a cell phone capable of dispensing a crisp set of $20 bills. "For different types of transactions, there are different types of channels," says Avivah Litan, an analyst at Gartner. "People go into banks to make deposits or get loans, they use ATMs to withdraw cash, and there is a demand to track balances, transfer funds and pay bills online."

Current wireless banking customers tend to be "professionals, people who travel a lot and need to access their account from different places," says Ilieva Ageenko, Wachovia's director of emerging enterprise applications. But in the long run, adds Ageenko, banks will need to provide services for the "newer generation" of young adults who have grown up with cell phones and will expect a wider range of functions from their mobile devices.

To do so, banks will have to tackle two main areas of concern when it comes to wireless banking security. One is the security of cell phones and other mobile devices, which are often too small to devote much computing power to security tools and could be vulnerable to a variety of attacks.

The other issue involves the potential vulnerability of wireless local area networks, including those using the popular 802.11 standard network. This pertains to people using a regular laptop computer to access the Internet, anywhere from airports to a local café.