Should Banks Reconsider the use of SMS?

Several malicious Android apps designed to steal mobile transaction authentication numbers (mTANs) sent by banks to their customers over SMS were found on Google Play by researchers from antivirus vendor Kaspersky Lab.

Many banks use mTANs as a security mechanism to prevent cyber criminals from transferring money from compromised online banking accounts. When a transaction is initiated the bank sends a unique code called an mTAN via SMS to the account owner's phone number. The account owner has to input that code back into the online banking website in order for the transaction to be authorized.

Read the whole story here

This occurrence means that banks need to reconsider the use of SMS and mobile users can no longer trust app stores when downloading new apps.

Yes this is alarming.

You download an app to your smartphone, the app picks up your private data, banking transactions, passwords etc. and sends them to the bad guys and voila you are totally hacked, not just our phone but everything else.

We have so much stuff on our smartphones, and it is too easy to trust and install an app.

Scary

Good points made here.

But what do we do? Should there be a body that will check the apps really really well and offers a seal of approval? Who will that be? The appstore operators (Apple, Samsung, Microsoft, Amazn, etc) are failing to do that.

Maybe there is room for the virus protection vendors to play a bigger role on smartphone?

After all in a BYOD environment, it takes only one employee to download a malicious app and then all his email messages, contacts and so on are shared with the 'bad guys'

And enterprises are not going to be able to control what apps are installed by the smartphone users ..

Really tricky.