/dq/media/agency_attachments/UPxQAOdkwhCk8EYzqyvs.png)
Follow UsIt was way back in 1876 that the worlds first-ever telephone was invented. Back then, it was the neighbors envy for many, and its only imaginable purpose was to stay in touch with the loved ones.
Fast-forward to the twenty-first centurythe bulky fixed-line instrument has been replaced with a sleek, functional mobile device having gone through multiple innovations. Though it retains its original purpose, it has become multi-functionalsometimes serving as our memory keeper by storing important personal information like bank account details and PIN numberswhile at other times, managing our schedule like a personal assistant and keeping us connected to our friends and family through social networking. Not only that, in many cases it also serves as a medium to unwind and rejuvenate at the end of a long day through high-speed video and game downloads on the go.
As for the working professional on the move, it has become an indispensible way of doing business. Given that India is expected to add 136 mn people to its workforce in the next ten years, 24x7 access to information is going to be the key in reaping maximum benefits for organizations. And that is exactly what the upcoming launch of 3G services in India is expected to offer, creating over 107 mn 3G subscribers by 2015 (according to PwC) and adding to Indias 6 mn online shoppers who comprise the $2.2 bn e-commerce industry.
Such is the story of the telecom revolution in India!
The 3G Effect!
The recently concluded 3G auction in India fetched the government three times the income it expected to earn through the spectrum sale. Needless to say, mobile operators see tremendous potential in 3G in India, and expect to rake in significant revenue from the services. Each of the operators is in top gear, preparing to offer unique Value Added Services to its customers through the 3G medium. While this seems like the only way for the operators to make good of the enormous investments that were made in acquiring the spectrum, little attention is being paid at the moment to another critical aspect in 3G, one which threatens to be a major stumbling block for its growth in Indiasecurity!
3G and Mobile Frauds
Historically, no mobile virus has had a significant impact in India. However, the threat is growing in the number of attacks as well as in complexity every day.
In 2009 alone, thirty-nine new mobile malware were identified and another 257 variants were found. The Cellular Operators Association of India, which is the lobby of Indian GSM service providers, issued a cautionary notice against fraudulent prize winner scam calls which lures the customers into disclosing account related information to avail a prize. Whats more, companies are investing heavily in enterprise mobility to enable employees to access corporate information on the go which is leading to growing adoption of smartphones and iPads. These are easy targets for fraudsters given inadequate security measures available today. Worms like Python.Flocker which target these platforms originated in Asia and offers a preview of the impact of threats that lurk.
According to Gartners estimate, the number of worldwide mobile workers will reach 1 bn by 2011 with the Asia-Pacific being the biggest contributor, an indication of the simultaneously growing threat landscape.
The onset of 3G will only further propel this as it will increase the chances of attacks by mobile trojans which can find and steal specific information like credit card details saved on the phone, and SMS redirection attacks on handsets carrying out activities like mobile banking, e-commerce, and data downloads.
The Awareness Quotient
The Indian consumer is not a complete stranger to hacking and frauds. With social networking and e-banking already having changed the way Indians connect and transact, they have been exposed to phishing and trojan attacks in the past. In fact, according to a recent Online Global Consumer Survey by RSA which polled 4,500 heavy Internet users, Indians demonstrated a very high level of awareness and concern for phishing at 99%. Indians also expressed a high level of concern about the threat of trojans at 85%. With reference to SMiShing, 43% among the Indians surveyed showed high awareness and concern.
The report also revealed that the online Indian consumer is apprehensive about sharing personal data on unprotected sites. However, most consumers are unable to differentiate between an authentic site and a fraud site, and this difficulty is further compounded when trying to transact on a mobile interface.
Logging onto 3G security
According to KPMG, India and China, are leading the drive for personal banking and retail transactions via their mobiles. Given this fact, telecom operators, online payment companies, e-commerce entities, and banks are assessing different means to secure their network for the customer.
Most telecom companies already have a Security Operations Center (SOC) that monitors threats within the network, and combines multiple events to alert customers of the possibility of an attack.
Banks on their part are toying with the idea of investing in extending their online banking protection to the mobile channel.
Many banks currently use 3-D Secure to protect their online customers. However, fraudsters have found ways to circumvent the technology. Here, instead of seeking the banks credentials, fraudsters ask the customer to enter his PIN, which he usually does even if the page looks reasonably familiar.
The way to prevent this would be to ensure that the unique phrase that the customer entered when he signed up for 3-D Secure is displayed every time he is asked to key in his PIN. No fraudster can duplicate that key phrase without hacking into the banks servers which is easier said than done.
Another way to protect a customer from an attack is to encrypt data while it is in transit, making it difficult for fraudsters to decode the information.
Having said that, security companies are working overtime to innovate and adequately secure the mobile channel, and ensure a safe 3G network. However, attacks are maturing by the day and the onus is on consumer facing entities to finally drive the adoption of adequate security measures and solutions to provide a safe passage to customers on the 3G network.
Vikas Desai
The author is the lead technology
Consultant, India & SAARCRSA,
the security division of EMC
maildqindia@cybermedia.co.in