Boston, MA
November 2007

Mobile Financial Services Security:
A New Ecosystem at Risk


Mercator Advisory Group is pleased to announce the release of its latest report, Mobile Financial Services Security: A New Ecosystem at Risk.

For C-level and operational leadership at financial institutions, payment processors and others considering rolling out mobile financial services, this new report reviews the current threat, the threats to come and what financial institutions, mobile operators and consumers need to do about them. In particular, the report reviews the vulnerabilities of mobile devices and the elements that connect them to financial institutions.

The report concludes with a series of recommendations for FIs, MNOs and consumers. Particular emphasis is placed on a proactive consumer education before the mobile channel becomes a greater target for cyber-criminals.

Highlights of the report include:

  • The security vulnerabilities of the online world are shifting to the mobile phone.
  • Today’s mobile threats are primarily social engineering attacks via phishing emails and its mobile variant via SMS. Known as “SMIShing” this practice may be especially effective as the sender may well be somewhat known to the receiver if the user’s mobile address book has also been hijacked.
  • Mobile devices, especially their operating systems and applications, offer a broad “attack surface” of vulnerabilities for mobile malware to exploit.
  • The US mobile ecosystem mobile operators, FIs, software and network providers has yet to prepare consumers for the Internet-like attacks to come.
  • Mobile handsets have a potent two-factor authentication role to play in defeating online attacks.

“As mobile banking moves up in importance for FIs, so must concerns about the security of the mobile channel. While it has been uneventful to date, that peace is going to end,” comments George Peabody, Director of Mercator Advisory Group’s Emerging Technologies Advisory Service. “The mobile ecosystem needs to educate the consumer about mobile security and to stop blaming the victims for their ignorance.”

Companies mentioned in the report include Google, Apple, Microsoft, Verizon, AT&T, Sprint, T-Mobile, mFoundry, ClairMail, Symbian, RIM, Absa Bank, Citi, Bank of America, Globe Telecom, and Smart Communications.

One of two exhibits in this report

This report is 30 pages long and contains two exhibits.

Members of Mercator Advisory Group have access to this report as well as to the upcoming research for the year ahead, presentations, analyst access, and other membership benefits. Please visit us online at

For more information, call Mercator Advisory Group’s main line: 781-419-1700 or send email to