Wireless technology is rewriting security rules for financial services sector

Wednesday 28 February 2001

Security expert @stake warns against applying technology bandages to policy problems

At a meeting of senior financiers in London this morning, Dan Geer, Chief Technical Officer of Internet security consultancy @stake, warned that the adoption of wireless technology will force a radical rethink of security measures within the financial services sector. The growing dependence on wireless networking within financial services institutions and the increasing use of portable devices to exchange information with employees and customers undermine many current assumptions about security that technology alone is unable to address, he said.

"The recent scare stories about security flaws surrounding wireless technology have clouded a more fundamental issue - effective security starts not with technology but with the policies that financial institutions put in place to control sensitive information," said Geer. "As these institutions embrace mobile devices and wireless connectivity, the policies surrounding access and accountability will have to be fundamentally revised to maintain the high standards of security to which customers and regulators have become accustomed."

Within financial institutions, security consists largely of the choice between two different strategies - who may do what to whom and at what time; and accountability, whereby individuals are given a great deal of autonomy but are also subject to very strict audits of their behaviour to ensure that any misdemeanours can be readily identified. Geer warns that merely extending existing technologies to the wireless world without re-examination is a recipe for disaster.

As an example, Geer explained that because wireless devices can be easily lost or stolen, any policy that identifies a user simply by their possession of a particular device is very prone to fraud. Because any radio transmission is relatively easy to intercept, 'replay attacks' - whereby even encrypted security codes are captured and re-transmitted - become relatively simple for the experienced hacker. To counter this, very careful attention needs to be paid to: user authentication; 'time-stamping' security codes; improving the meaningfulness of transaction logging; and 'velocity checking', whereby transactions carried out in different apparent locations at the same time are flagged as suspect.

"These security measures are themselves policy issues that exist quite independently of the wireless security technologies employed and it is only by addressing these issues that an effective and secure platform can be created," said Geer. "Financial institutions must also take care to identify the potential outcome of any security exposure to ensure that the security they implement is consistent with the risk entailed, just as they naturally do in other more familiar parts of their businesses."

Contact
Brodeur Bfour
Matthew Ward/Lena Ahmed
email@example.com or firstname.lastname@example.org
Telephone +44 (0) 1753 44 8875/8861

This press release was distributed by ResponseSource Press Release Wire on behalf of Pleon in the following categories: Consumer Technology, Personal Finance, Business & Finance, Computing & Telecoms. For more information visit https://pressreleasewire.responsesource.com/about.