PayPal’s mobile payments business is now expected to do $3 billion in volume this year, double what the company predicted last fall, and up from $2 billion forecasted in April.

PayPal said it’s seeing $10 million a day in total mobile payment volume, up from $6 million in March. That’s a huge ramp-up and suggests PayPal is finding success in facilitating online payments through mobile phones, which is an extension of its existing business. But it doesn’t address where PayPal needs to go in the future: mobile payments for offline goods. Offline, real-world payments are a much bigger opportunity, representing more than 90 percent of current transactions. That’s where PayPal is looking to shift, but right now, the bulk of its business is still online.

Read Full Article On Gigaom.com

This is a very important article/whitepaper that was published recently by RSA. It explicitly points to mobile phones being a security problem and makes specific mention of SMS and mobile banking being vulnerable.

The Current State of Cybercrime and What to Expect in 2011

Cybercrime continues to show no signs of slowing down. In fact, 2010 marked a year of several new threats and an increased level of sophistication in the attacks witnessed around the globe. As the new decade opens, cybercrime is diverging down a different path as cyber attacks move beyond the financial services industry and malware makes a shift from targeting consumer desktops to employees in the enterprise.

The RSA Anti-Fraud Command Center (AFCC ) has developed a list of the top cybercrime trends it expects to see evolve over the course of 2011.

The RSA Anti-Fraud Command Center is on the forefront of new threat detection and cybercrime intelligence, achieving several milestones including the shutdown of over 350,000 online attacks across 181 countries and launching the first commercial anti-phishing and anti-Trojan services in the industry.

In this white paper, RSA will review the current state of cybercrime based on what we witnessed in the last twelve months and provide a series of predictions on what to expect from cybercriminals in 2011.

Read the full article (PDF Format) as published by RSA on their web site (free registration required)

I read a nice article today on zdnet.com.au. It is becoming clearer by the day that criminals are beginning to target the mobile device as an access point to user data.

The following in an excerpt from the article.

Mobile phone attacks will increase this year as criminals attempt to intercept SMS-based authentication tokens, according to security company RSA.

The tokens are designed to complement username and password log-in checks by requiring users to validate payments with unique numerical codes, in this instance sent by SMS.

It is becoming more popular, and the Commonwealth Bank of Australia claims to have 80 per cent of its customer base using tokens to validate third-party payments via SMS or through safer handheld token-number generators. The bank isn’t forcing customers to use it, but those who don’t will not be permitted to carry out high-risk transactions over NetBank.

RSA said in a 2011 predictions report that sending tokens via SMS will make phones a target.

“The use of out-of-band authentication SMS … as an additional layer of security adds to the vulnerabilities in the mobile channel,” the company said in its report.

“A criminal can … conduct a telephony denial-of-service attack which essentially renders a consumer’s mobile device unavailable.

“SMS forwarding services are also becoming mainstream in the fraud underground and enable the [token] sent by a bank via text to a user’s mobile phone to be intercepted and forwarded directly to the cyber criminal’s phone.”

Read the article in full on zdnet.com.au

SCOTTSDALE, ARIZONA, USA – November 22, 2010 – CellTrust Corporation, the recognised leader in mobile secure messaging and secure applications for mobile phones (www.celltrust.com), today announced that CellTrust’s mobile banking product, which is being piloted outside of the U.S., is based on SecureSMS Secure Mobile information management (SMIM) architecture and is not affected by security flaws that were recently published in a Wall Street Journal article. The article stated that a number of top financial companies and banks, such as Wells Fargo & Co., Bank of America Corp. and USAA, are rushing to develop updates to fix security flaws in wireless banking applications that could allow a computer criminal syndicates to obtain sensitive data like usernames, passwords and financial information.

“This is not the first time that mobile banking applications have been vulnerable to security flaws, and we do not believe it will be the last time,” said Sean Moshir, CEO and Chairman of CellTrust. “The issue with the banking apps mentioned in The Wall Street Journal article is that personal information about the wireless subscriber, such as the user name and password to a bank account, is being stored in the mobile device, which could give a cybercriminal full access to a person’s financial accounts. Storing the password in the memory of the handset is a fundamental mistake in the design of the apps and the security architecture. Furthermore, apps that store passwords in the memory of the handset or send it across the network are not compliant with financial industry regulations or best practices.”

Moshir continued, “CellTrust developed its SecureSMS platform from the ground-up, with security architecture in mind, and continues to provide a safe and secure environment for the exchange of sensitive information. A key difference with SecureSMS is that CellTrust uses the mobile command channel for communication, rather than the data channel which was used for these particular mobile banking apps. It is critical and added security for mobile banks apps to perform the actual transaction or user authentication out of band.”

CellTrust SecureSMS Provides

• Two-factor authentication
• End-to-end encryption of messages
• Long SMS messages, of up to 5000 characters
• Confirm delivery and read receipt
• Policy-based encryption key changes
• Auditing and compliance with HIPAA, FISMA, and Sarbanes-Oxley, ensuring that information is kept private and only delivered to the intended recipient
• Remote data wipe if a device is lost or unauthorised access attempts are detected
• Architecture that does not store passwords in the memory of handset or transmit it across the wireless network

CellTrust SecureSMS™ Appliance was named winner of many industry awards by CTIA, Mobile Marketing Association, RCR Magazine, MobileTrax, and more.

About CellTrust Corporation

CellTrust is a leading provider of secure mobile messaging and applications. CellTrust’s patent pending Secure SMS Gateway™ featuring the SecureSMS™ Appliance and a suite of mobile applications provide advanced secure mobile messaging and information management solutions across 200+ countries and over 700 carriers. CellTrust ensures the secure and trusted exchange of information on mobile devices to the financial services, healthcare, government, education, energy, information technology, marketing, and travel, among other global industries. For more information about CellTrust’s Global, African, North American and Australian operations: www.celltrust.com, www.africa.celltrust.com, www.celltrust.com.au.

Media Contact

Lora Friedrichsen
Global Results Comms (GRC) for CellTrust
+1 949-608-0276
celltrust@globalresultspr.com

©2010 CellTrust Corporation. All rights reserved. CellTrust, the CellTrust logo, and the CellTrust product names and logos are either registered trademarks or trademarks of CellTrust Corporation. In addition, other companies’ names and products mentioned in this document, if any, may be either registered trademarks or trademarks of their respective owners.

I came across an interesting article this morning on the SC Magazine web site this morning so I thought I’d share a brief excerpt and a link to the full article.

Bank log-in details could be targeted, say security experts.

Security experts are warning of a variant of the Zeus banking trojan that attacks mobile phones and can bypass the two-stage verification system used by some banks.

Zeus Mitmo is previously unknown malware that is designed to intercept the confirmation SMS sent out by some banks as part of the online log-in process, according to Spanish security company S21sec.

Read the full article on the SC Magazine web site.

CellTrust Removes Major Obstacle for Mobile Operators and Banks by Delivering OTA (Over-The-Air) NFC Configuration and Provisioning

SCOTTSDALE, ARIZONA, USA – August 25, 2010 – CellTrust Corporation, the world’s largest provider of SecureSMS for mobile phones (www.celltrust.com), announced today that it is preparing patent-pending, NFC-provisioning APIs using SecureSMS, in anticipation of NFC technology rollout beginning in early 2011.

NFC (Near Field Communication) is a short-range wireless communication standard that bundles a contactless chip with a contactless reader inside the mobile device. With NFC technology, consumers can simply wave or tap their phone within a few inches of a reader to transfer information to their mobile phone or to complete a mobile payment or transaction.

Designed to make life much easier for the end-user, provisioning NFC will require the carrier to send sensitive and confidential information to the mobile subscriber’s handset. While a few methods exist to provision NFC, CellTrust believes SMS is the optimal choice because it uses the mobile communications control channel, which is separate from voice and data and operates regardless of the voice or data being used. The control channel has high resiliency, low bandwidth requirements and was designed for carriers to send specific commands and instructions to the handset via SMS. It is important to note that standard SMS is not secure and can be spoofed. Provisioning NFC with CellTrust’s SecureSMS APIs addresses spoofing with a fully authenticated, government-grade, highly encrypted, tamper-proof process, which also enables message sizes up to 5,000 characters.

“At Juniper Research we forecast that 1 in 6 subscribers globally will have NFC phones by 2014,” said Howard Wilcox, Senior Analyst, Juniper Research. “NFC is all about ease and convenience for users although the first question from users usually relates to security. This announcement by CellTrust is an important development to quell peoples’ security concerns and enable the rollout of NFC enabled mobile wallets.”

NFC has the potential to be a significant, pervasive technology, but the lack of NFC chips in existing handsets and security concerns have held the industry back from wide-scale integration of mobile payments on NFC-equipped devices. CellTrust’s NFC solution could be a key driver in finally bringing mobile payments to NFC devices and unlocking the market potential for this technology.

CellTrust’s SecureSMS NFC APIs use Short Message Service Center (SMSC) and allow carriers to use their existing investment in SMS infrastructure while provisioning NFC, therefore a new NFC platform is not required. Carriers can easily integrate with the SecureSMS APIs and send secure commands and instructions to the handset to provision NFC with all types of transactions, including adding and deleting credit cards. CellTrust’s technology addresses the security gaps that exist with basic SMS, paving the way for NFC-enabled mobile devices to be securely used as an “electronic wallet.”

SecureSMS also gives mobile network operators an added level of security for OTA (Over-The-Air) configuration and provisioning of mobile devices compared to today’s standard SMS infrastructure, which is not tamper proof and can be spoofed.

“CellTrust’s SecureSMS NFC solution will make it easy for carriers and banks to implement and integrate NFC,” said Sean Moshir, Chairman and CEO of CellTrust. “We believe the cost savings for mobile operators will be substantial, since they will be utilizing their existing SMSC infrastructure.”

CellTrust’s SecureSMS Appliance is the first global enterprise appliance to offer secure SMS communication for handset to handset and enterprise applications to handsets with highly encrypted end-to-end security in compliance with HIPAA, FISMA, and Sarbanes-Oxley, ensuring that information is kept private and only delivered to the intended recipient. CellTrust’s award winning SecureSMS™ Appliance and Gateway reaches 200+ countries and over 800 carriers.

CellTrust SecureSMS™ Appliance was named winner of many industry awards by CTIA, Mobile Marketing Association, RCR Magazine, MobileTrax, and more.

About CellTrust Corporation

CellTrust is a leading provider of secure mobile messaging and applications. CellTrust’s patent pending Secure SMS Gateway™ featuring the SecureSMS™ Appliance and a suite of mobile applications provide advanced secure mobile messaging and information management solutions across 200+ countries and over 700 carriers. CellTrust ensures the secure and trusted exchange of information on mobile devices to the financial services, healthcare, government, education, energy, information technology, marketing, and travel, among other global industries. For more information about CellTrust’s Global, African, North American and Australian operations: www.celltrust.com, www.africa.celltrust.com, www.celltrust.com.au.

I was emailed a link to an article from one of our readers this morning confirming that yep you can rob banks with your Nokia 1100. Now I might be sensationalising things a little bit with my post, but read the full article posted on PCworld and you’ll realise that this is serious stuff.

Now if you were using SecureSMS from Celltrust to communicate with your bank or something similar issues like this could more than likely be avoided.

Loads of European banks provide their mobile banking customers with a list of sequential numbers and random requested checksums on a pice of paper or card. Without access to this physical list an attacker might be able to gain access to the banks online GUI but won’t be able to complete a fund transaction. This is a fairly secure method but carrying the piece of paper or card can be a bit cumbersome.

So think about it for a second, what’s more convenient and is always with you? Yep, your mobile phone.

It is becoming more common for banks to offer transaction authentication numbers (TAN) via SMS text messages. A customer registers his or her phone to receive the one-time passwords and the TAN is issued on-demand. Easy, simple, secure.

That brings us to this article: Criminals Pay Top Money for Hackable Nokia Phone

A company called Ultrascan Research Services claims East European gangs are paying BIG money for certain versions of Nokia 1100 phones. According to Ultrascan’s post some Nokia 1100 phones can be used to intercept SMS messages.

We don’t have details, we only know what is being claimed by Ultrascan. A bit of hunting around in the usual places has failed to bring up any requests or posts from would be gangster hackers offering sums of money for these phones.

To be worth the prices claimed to being paid (up to €25,000) the phone would somehow need to spoof the victim’s phone number WITHOUT using their SIM card. If that’s even possible then it is a very clever trick and suddenly enables the use of all of the past compromised account information that has been gathered by banking trojans.

That could prove to be a very sizable return on Ivan the Gangster’s investment, even for a €25,000 phone.

Scottsdale, Arizona, October 14, 2008 – CellTrust Corporation (www.celltrust.com), a leading provider of secure mobile messaging and applications, has been recognized as one of the 2008 Comerica Bank Arizona Companies to Watch. CellTrust will be receiving its fourth award this year when it is honoured at an awards ceremony during the second annual Comerica Bank Arizona Companies to Watch event, Nov. 11 at the Phoenix Convention Centre from 6-9 p.m. In addition, five companies will receive the Spotlight Awards in the following areas: Company Culture, Customer Service, Change/Innovation, Community and Commerce at the event.

“Comerica Bank Arizona Companies to Watch awardees are one of the reasons that Arizona leads the country in economic growth. Through the efforts of great employees who deliver innovative products and services, these companies are growing at over four times the national average!” says Joan Koerber-Walker, CEO of the Arizona Small Business Association. “ASBA is proud to be supporting this growing community of excellent companies. It’s about time they got the recognition they so richly deserve,” Koerber-Walker adds.

CellTrust provides a Secure SMS Gateway, which enables organizations to exchange critical information in a trusted environment on the mobile device with end-to-end privacy via a highly encrypted, tamper-proof process. The sender also has the ability to confirm when text messages are delivered and/or read.

“CellTrust is honoured to be selected as a company to watch and is committed to generating investment opportunities in Arizona while providing security and peace of mind to the mobile economy,” said Sean Moshir, CEO of CellTrust. “CellTrust believes in the growth and promise of technology in Arizona, and look forward to the next level of innovation as we move into 2009.”

Companies considered for the Comerica Bank Arizona Companies to Watch list must be second-stage companies, defined as having 10 to 100 full-time-equivalent employees and generating $750,000 to $100 million in annual revenue or working capital from investors or grants. In addition, the companies must be privately held and headquartered in Arizona.

Judges evaluated the companies for their demonstrated intent and capacity to grow based on one or more of the following

• Employee or sales growth
• Exceptional entrepreneurial leadership
• Sustainable competitive advantage
• Other notable factors that showcase the company’s success

Comerica Bank Arizona Companies to Watch is presented by ASBA (the Arizona Small Business Association), Arizona’s number one business association in collaboration with the Edward Lowe Foundation. The Edward Lowe Foundation supports entrepreneurship through research, recognition and educational programs, which are delivered through entrepreneur support organizations (ESOs) like ASBA, with a focus on second-stage companies.

About CellTrust Corporation

CellTrust is a leading provider of secure mobile messaging and applications. CellTrust’s patent pending Secure SMS Gateway™ featuring the SecureSMS™ Appliance and a suite of mobile applications provide advanced secure mobile messaging and information management solutions across 200+ countries and over 700 carriers. CellTrust ensures the secure and trusted exchange of information on mobile devices to the financial services, healthcare, government, education, energy, information technology, marketing, and travel, among other global industries. For more information about CellTrust’s Global, African, North American and Australian operations: www.celltrust.com, www.africa.celltrust.com, www.celltrust.com.au.

Media Contact

Kirsten Woodard or Yasmin Ezaby
Global Results Comms (GRC) for CellTrust
+1 949-681-8122 or +1 949-502-6760
kwoodard@globalresultspr.com or yezabi@globalresultspr.com

©2008 CellTrust Corporation. All rights reserved. CellTrust, the CellTrust logo, and the CellTrust product names and logos are either registered trademarks or trademarks of CellTrust Corporation. In addition, other companies’ names and products mentioned in this document, if any, may be either registered trademarks or trademarks of their respective owners.

CTIA Wireless, Las Vegas – April 1, 2008 – CellTrust™ Corporation (www.celltrust.com), the leading secure mobile information management and delivery provider, today announced that mobe, Inc., has selected CellTrust’s Global SecureSMS™ Gateway to ensure the secure transmission of SMS messages for payments, commerce, banking and other confidential content to and from its network of mobile bank account holders. mobe, Inc., in conjunction with University Bank, is a leader in mobile banking, mobile payments, merchant services, global remittance and banking security.

SecureSMS Gateway allows businesses to exchange critical information with customers in a trusted environment on the mobile device. Setting itself apart from consumer-grade SMS, CellTrust’s SecureSMS Gateway gives the message sender the ability to confirm when text messages are delivered and/or read via a highly encrypted, tamper-proof transfer process with no size limitations along with remote wipe functionality that ensures users can wipe the handset if it is lost or stolen.

As mobile consumers across all regions and age segments gain confidence in sending messages to friends and loved ones via text message, the trend of conducting more sophisticated and personal content will continue to rise. The increasing use of mobile devices to transfer funds between bank accounts and other important activities will become the standard of the industry in the near future, and CellTrust is providing the mobile industry with Secure SMS solutions that make high risk messages secure and safe from being read by others or tampered with during transmission.

“mobe, has an innovative approach to banking, looking at the large ‘underbanked’ population in North America, and the Global SecureSMS Gateway from CellTrust is giving us options we previously could not consider,” said Jim McLeod, president of mobe, inc. “We believe that certain information which could not have been sent to customers using consumer grade SMS can now be sent to consumers securely. CellTrust SecureSMS™ opens the door for many organizations to go beyond the limits of consumer grade SMS.”

mobe allows customers to send, receive, spend and secure money from anywhere in the world anytime of the day any day of the week, all through the convenience of a mobile phone. mobe stands to make a huge impact in the unbanked, peer-to-peer money transfer, merchant services and global remittance sectors.

“As mobile banking becomes secure we will see a paradigm shift in the way people do their banking,” said Sean Moshir, CEO of CellTrust. “Early adopters such as mobe, Inc. will begin to solidify their position in the space as did the Yahoos and E-bays of the Internet era. I believe the mobile industry will parallel the Internet era in many aspects and companies who do not act quickly will be left behind. The impact of Mobile Internet will be dramatic and CellTrust looks forward to being a part of making people’s lives more secure, convenient and comfortable.”

With mobe licensing CellTrust SecureSMS™ consumers now have the ability to conduct peer-to-peer secure money transfer and merchant services via the mobile phone. Consumers can transfer funds to their mobile phone, or someone else’s mobile phone, The mobe card, The Virtual Card, existing debit cards, and existing checking accounts. For example, when a teenager wants to buy books in a bookstore, they could notify their parents and the parents can immediately credit money to the teenager’s debit card with a simple, yet secure, text message for the purchase.

CellTrust’s SecureSMS™ Gateway was selected as a finalist in the Third Annual CTIA Emerging Technologies (E-Tech) Awards. To vote for CellTrust, please go by the award display at CTIA Wireless 2008 April 1-3 in Las Vegas, and vote by texting code 491 to 868464.

About mobe, Inc.

mobe (www.mobeinc.com) is a multi-industry leader in; mobile banking, mobile payments, merchant services, global remittance and banking security. Utilizing its state-of-the-art Gomobe platform they allow customers to send, get, spend and secure their money from anywhere in the world anytime of the day any day of the week all through the convenience of their mobile phone. The Gomobe platform positions them to make a huge impact in the unbanked, peer-to-peer money transfer, merchant services and global remittance sectors. Layered on top of their Gomobe platform is the patented AccountLock technology, putting customers in control of financial identity theft and fraud before it ever occurs.

About CellTrust Corporation

CellTrust is a leading provider of secure mobile messaging and applications. CellTrust’s patent pending Secure SMS Gateway™ featuring the SecureSMS™ Appliance and a suite of mobile applications provide advanced secure mobile messaging and information management solutions across 200+ countries and over 700 carriers. CellTrust ensures the secure and trusted exchange of information on mobile devices to the financial services, healthcare, government, education, energy, information technology, marketing, and travel, among other global industries. For more information about CellTrust’s Global, African, North American and Australian operations: www.celltrust.com, www.africa.celltrust.com, www.celltrust.com.au.

Media Contact

Kirsten Woodard or Yasmin Ezaby
Global Results Comms (GRC) for CellTrust
+1 949-681-8122 or +1 949-502-6760
kwoodard@globalresultspr.com or yezabi@globalresultspr.com

©2008 CellTrust Corporation. All rights reserved. CellTrust, the CellTrust logo, and the CellTrust product names and logos are either registered trademarks or trademarks of CellTrust Corporation. In addition, other companies’ names and products mentioned in this document, if any, may be either registered trademarks or trademarks of their respective owners.