Conceptual Security Framework for Mobile Banking Key Authentication and Message Exchange Protocols: Case of Ethiopian Banks

Abstract

Many people are using their mobile devices such as smart phones to access various online services on a daily basis. In particular, mobile banking applications are increasingly becoming popular. Despite popularity however, there seem to be some very genuine concerns on the security issues revolving around it, particularly in regard to man in the middle attacks. Many banks in Ethiopia are offering mobile banking services which allow bank customers to check balance in their personal account and to transfer money between accounts at any time by simply using mobile banking applications installed on their mobile devices. According to the survey analysis we made all banks in Ethiopia implementing Mobile Banking services we motivated to facilitate some security landscapes focusing only on the bank - side and believed that customer - side security is up to the customer to worry about. However, it has been identified that the major security threat is social engineering and its loopholes are customer - side security related. The current situation observed in the Ethiopian Banking industry is that the technology of mobile banking applications are far from totally clean and mature. This research demonstrates that there is a strong pressure on mobile banking application developers to take care of not only users‟ privacy but also the banks security. The result of this research will help Ethiopian banks to revisit their focus of attention in constructing and implementing customer side security to reduce from man – in - the - middle attacks logically tied to this channel of banking service. It is shown that, the functionality of the proposed framework will help to reduce risk scenarios for mobile banking key authentication and message exchange protocols.