Near Field Communication Safeguarding the Mobile Marketplace

Our speakers Larry Collins Head of e-Solutions Zurich Services Corporation Christopher O’Donnell, CPCU ARM Administrative Vice President Director of Corporate Insurance & Risk M&T Bank

Conducting business online in an increasingly mobile society Cyber security was named one of the top five global risks for companies in 2012 at the World Economic Forum in Davos, Switzerland Companies that have traditionally had little data about their customers now must become accustomed with data privacy and security laws, and protect their customers’ personal information

What is Near Field Communication (NFC)? “A wireless technology that has a range of only a few inches. It is based on the magnetic field induction between readers and tags in a radio frequency identification (RFID) system. Adhering to the ISO international standard for smart cards, near field communication (NFC) is compatible with the countless ID card terminals in use around the world.” (PC Mag)

How big is the market? Juniper Networks

How the Technology Works 1) Coil in the first smart phone sets up a current that is picked up a second smart phone or reader. 2) The second smart phone receives the “induced current” from the first, recognizes it as a valid signal and offers a connection. 3) The first cell phone accepts the connection and begins the transaction.

How the Technology Works 1) Coil in the smart phone sets up a current that is picked up by the smart tag 2) The smart tag receives the “induced current” from the cell phone, recognizes it as a valid signal and offers a connection to the cell phone. 3) The cell phone accepts the connection and begins the transaction

Users of NFC-enabled devices can: Make payments or use coupons via devices, instead of credit or debit cards Transfer files and share documents Download information about objects, services or places from “smart posters” Display electronic identity documents, like air travel boarding passes

What are some examples of the technology?

What are the risks? Privacy – What data is being captured, processed or stored? – Information Privacy and security rules apply! – How does a customer opt-out? Security – If you capture store or process data, you have to protect it. – Lost smart phones are now an exposure. Can you shut them down remotely? Sentinel Hacking – A hacker can establish a “sentinel” tag, fixed in one place, to receive and download information from passing smart phones. – Any NPI on the smart phone can then be down loaded – Loss of privacy – Loss of financial info – credit card #s

Businesses that rely on NFC to share company information can: Automatically shut-off of an employee’s smart phone if it’s lost, so information can’t be accessed by unauthorized parties. Enlist the company’s telecommunications and information technology department to limit the content that employees can download or store. Enforce a password requirement. Encrypt data so it can’t be easily read.

Businesses that rely on NFC to acquire customer information can: Use transmitted data for the purpose it was collected: If a customer shared personal information solely to pay for something, don’t then use that data for targeted marketing. Secure collected data with encryption, passwords and by restricting access. Determine how long data should be stored; create a data purging cycle. An educated team, aware of global privacy laws, should be in place. Limit data-reading devices’ power, allowing them to receive data only from short distances. Limit the content that devices display during transactions. Implement the electronic security measures that a near field system requires.

Risk management in practice: M&T Bank Our risk management process involves a number of “moving parts” including: – Corporate Risk Management – Corporate Insurance – New Products & Services Committee – Corporate Operational Risk Committee – Management Group

Risk management in practice: M&T Bank We are in the process currently to review “alternative channels” of banking service. The following slides will take us through a view of how we vet the risks associated with these “alternative channels.”

15 Benefits Measurable Benefits Reduce telecom costs due to deflection from the IVR to mobile channel - $336M Account acquisition – $5.75MM Mobile financial service capabilities are more impactful in a consumer's decision to select a bank than availability of online banking, access to ATMs, or nearby branches. Additionally, banks offering mobile financial services should anticipate as much as a sixty percent increase in sales lift* Other Benefits Provides the bank with a competitive advantage Establishes a credible presence in mobile banking Creates infrastructure that can be leveraged for Commercial and Business Banking Lays the foundation for alerts, mobile check deposit and P2P *Source: Mercatus

16 Competitive Analysis

17 Business Initiative Risks External fraud Authenticity of the mobile application Technology failure Vendor failure Ability to handle customer service inquiries Vulnerability of transmitting data wirelessly Operational Risks Patent Infringement – Some cases related to mobile banking exist Legal / FDIC disclosures on mtb.com and in the mobile banking application Legal/Compliance Risk Failure to create a credible mobile banking channel that will attract new customers Strategic Risks

18 Business Initiative Risks Patent infringement lawsuits Compromise of customer data Failure of technology Reputational Risks Timeouts Apple store ClairMail controls and contract Gradual migration Secure transactions Process controls: use of Web Banking User ID and passcode, no reset from mobile device, user agent string capture Information Security is assessing the risk of each mobile feature Controls

19 Loss Scenarios Worst Case Loss Scenario Patent infringement lawsuit, external fraud or data breach at the customer level. The risks would be reputational in nature. Likely Loss Scenario Mistaken internal transfer between a user’s account Unintended bill payment to an existing payee

Mobile Banking Enrollment* Enrolled Customers *Reporting through 1/12/2010 **Web Banking Active Users: 628,541 ***DataMart Number of Days 24,957 App Downloads 76,895 Mobile Web Users 12% of active Web Banking 63,296 Mobile Text Users 10% of active Web Banking Total Unique Mobile Users: 128,854, or 21% of active Web Banking** Profile of Mobile Customer*** *71% of users are under the age of 36; about 26% are between the ages of *Users are profitable. They have high balances & cross-sell. *Users have a higher CQI than non-users. *A disproportionately high share of mobile users are in the Baltimore region. 20

Current Environment Industry Trends – Chat – Video – Facebook – Twitter 2000Today1980 Alternative Channels growing in transaction, sales, and research activities Forrester predicts that one-third of all checking sales will come via the Internet by survey by the American Bankers Association finds that customers under the age of 55 prefer to bank online

Small Business Owners Use Smartphones Small Business Adoption Outpaces Consumer While only 17% of Americans own smartphones…49% of small business owners are reported to own smartphones. Source: Forrester, September 2010Forrester Small Business Adoption Outpaces Consumer While only 17% of Americans own smartphones…49% of small business owners are reported to own smartphones. Source: Forrester, September 2010Forrester 22

Current Environment Industry Transaction Trends Mobile and Online transactions will grow at a significantly higher rate than other transactions over the next 3 years (TowerGroup) More than 1.5B check deposit transactions will shift from the branch to mobile check deposit by 2014 (Mercatus’ Remote Deposit Capture Adoption Research Study, 2/2012) According to Nielsen, by the middle of 2011 over 50% of mobile phones sold in the U.S. are expected to be smart phones, or other all in one device Source: TowerGroup

Q&A