GSM: A Double-edged Sword Tom Kellermann, CISM Sr. Data Risk Management Specialist, The World Bank.


1 GSM: A Double-edged Sword Tom Kellermann, CISM Sr. Data Risk Management Specialist, The World Bank

2 Global System Mobile: GSM has over 787 million users worldwide. Most PDAs and cell phones will be VoIP-enabled by 2005. More robust security than 802.11a, b and g, however…

3 Comparison of Wireless & Fixed Telecom Penetration

4 The Achilles Heel of Security: Wireless is growing at 3X the rate of landlines globally. The wireless boom is compounding the security quagmire.

5 GSM Vulnerabilities: SIM-card vulnerability; SMS bombs; gateway vulnerability; WAP vulnerability; man-in-the-middle attack

6 The Man in the Middle Attack

7 Security Recommendations: Enable a power-on password; install anti-virus software; install a personal firewall; use robust encryption, e.g. S/MIME; ensure that devices are stored securely; ensure that the desktop application mirroring software is password protected; install VPN software.

8 Overreliance on VPNs

9 Mobile User Business Risk Policies
Authentication: Banks should directly authenticate their customers. 3rd parties should neither obtain nor store customers' banking PINs.
Stored Value Accounts (SVAs): Bank accounts should not be accessed when making a payment. Bank accounts should only be used for replenishing SVAs in the customer's direction.
Interactive Voice Response (IVR): Mobile IVR sessions should be recorded and not be utilized for value services.
PINs: Banks should educate their customers to use different robust PINs for different online services and to change their PINs periodically.

10 Conclusion: Wireless connections are the weakest link in the security chain. CISOs and CIOs must ensure that no rogue access points exist and that all wireless usage is secured in a layered fashion.

11 World Bank Integrator Unit Website: For more information on these and other issues related to e-finance and e-security, please refer to our website at: www1.worldbank.org/finance (Click on E-security)

