Anything bearing a lock will always have someone inquisitive looking for a way to circumvent the key.
Not all mobile money platforms & banking systems are built equally the same. Security and anti-fraud measures are not always at the forefront in everyone's mind, and operators are not putting enough of an emphasis to ensure their mobile money/payment systems have the adequate security and protection to protect these systems from the very people that operate them.
Although most of the mobile money/payment services are safe, cyber-crooks have found inventive ways to crack the security systems of known mobile payment services such as Google Wallet (at the beginning of 2012, Google Wallet’s PIN system was cracked twice). Most security breaches that I have been asked to review usually involved an insider providing assistance to the external perpetrator or an elaborate and well designed and orchestrated phishing scheme.
Recent news of both such security breaches have made headline news this past week. In the developing markets of Ghana two have been arrested for intercepting a mobile money transfer request. For those of you with smart-phones be wary of the authenticity of app's that you have downloaded to ensure they are from your financial institution; thirty financial institutions in Austria, Sweden, Switzerland, and Japan, have reported to being defrauded by phone apps used to intercept passwords from account holders.
What options do mobile money service providers have?
Mobile Money service providers have many options that include outsourcing the management of these highly secure systems to third-party companies to installing sophisticated intrusion detection systems that monitors and limits access to their secure systems. Consumers using smart phone should only ever download authorized, signed and certified applications from their financial institution.
Be carefull out there!