WHY THIS COURSE?

The traditional cyber-security model is only useful if both endpoints are un-compromised, as in the case of an ATM or POS terminal, over which the bank (or its partners) have full control – Tjaart van der Walt, CEO, Course Director

The reason fraudsters are increasingly targeting mobile is because the traditional bank cyber-security model relies on end-to-end encryption, and controlling both the source and the destination points. This cyber-security model however does not account for the key risks inherent in routing data over GSM/LTE networks.

GSM/LTE architecture was designed for maximum interoperability, openness and ease-of-use. Deep systemic design issues inherent in GSM/LTE mobile and signalling networks means traffic and/or data is routinely exposed across many nodes in a typical Mobile network. While access to such mobile networks remains highly technical, and requires specialised skills and access, the stratospheric growth of mobile fraud is proof that this knowledge is no longer the domain of mobile networks and their employees and mobile cyber-security is a serious issue for banks and payment networks.

The Mobile Transactions & GSM/LTE cyber-security MasterClass, will teach you what Governments, hackers & fraudsters know  – that the inner workings of the Mobile (GSM/LTE/SS7) networks contain exploits and vulnerabilities useful to bad actors and hackers alike – however there are strategies, steps & strategic options open to secure mobile financial transactions and retain customer trust…

WHAT YOU WILL LEARN

In this course you will learn why modern GSM/LTE networks are inherently insecure and the risk this presents to Banks and Financial institutions; Learn how hackers exploit common GSM/LTE vulnerabilities and customer behaviour; and how a number of Innovative banks now integrate core features of GSM/LTE networks into their mobile security framework, and how a number of banks and mobile network operators are turning to Mobile Signalling ‘Big Data’ to stop mobile fraud in its tracks.

• What makes Mobile Networks so different?
• How is it Mobile Financial Transactions are so vulnerable?
• What makes Mobile networks inherently vulnerable?
• Smartphones – Android, Apple & App Stores & cyber-security
• Handsets – cyber-security, App stores, Risk & control
• Is “Handset state” App cyber-security the answer?
• Why (and how) does 2FA (two-factor authentication) fail?
• How can you secure OTP (One time PIN’s)?
• strategies, techniques and options for secure data across mobile networks
• How is Apple Pay & ‘Tokenisation’? a target for fraud?
• Learn the hidden glue behind mobile – SS7 Signalling
• Discover why should banks care about GSM/LTE & SS7?
• Truth & Obfuscation – Why IMSI feeds are unlikely to help?
• Can banks & non-Telco’s beat Mobile Fraudsters at their game?
• Mobile Frauds – examples, and cases studies from around the world

The course is ideally suited for those currently in these roles or preparing for roles in cyber-security including;

•  Risk & cyber-security Professionals & Project Managers
•  Mobile & Network Designers, Developers & Architects
•  Mobile Developers, Designers & Innovation Product Managers
•  Digital & Mobile Heads & Leaders
•  Information Systems Programmer/Senior/Lead/Manager
•  Application Architect
•  Applications Programmer/Senior/Lead/Manager
•  Computer Operations Manager/Specialist
•  Cyber Analyst/Specialist
•  Data Architect/Analyst
•  Data Modeller/Warehouse Manager/Specialist
•  Information Security Administrator/Analyst/Director/Manager
•  Information Systems Director/Generalist/Manager/Supervisor
•  Network Administrator/Engineer/Network Manager
•  Network Services Director
•  Programmer/Analyst/Senior/Lead
•  Project Manager/Senior/Lead
•  Software Engineer/Analyst/Senior/Lead
•  Systems & Programming Manage/Analyst/Senior/Leader
•  Systems Analyst /Analyst/Senior/Lead/Manager
•  Telecommunications Analyst/Manager/Supervisor/Technician

The State of Mobile Fraud
Session 1 (55 minutes)

•  The State of cyber-security, Mobile banking & payment fraud in 2020
•  Why ‘Mobile’ Devices represent a risk to banking & Payments (Apps, Devices & Networks)
•  Why the current model of banking security is incompatible with mobile networks

Introduction to GSM/LTE Networks (Part I) – Design & Signalling architecture
Session 2 (55 minutes)

•   Cyber-security, Mobile Networks & Mobile Banking
•  How mobile GSM/LTE Networks work
•  Why Mobile GSM/LTE Network design makes it so difficult to secure Mobile Financial Services
•  Some common hacker exploits and how they work (eg Gemalto hack). Case studies and Examples

Introduction to GSM/LTE Networks (Part II) – The Mobile Handset
Session 3 (55 minutes)

•  Apps & App Stores
•  Common Mobile App vulnerabilities and exploits & mitigations
•  Android & Apple vulnerabilities & mitigations
•  Mobile app ‘State’ and its exploits & mitigations

Introduction to GSM/LTE Networks (Part III) – Authentication & 2FA
Session 4 (55 minutes)

•  The benefits and drawbacks of OTP’s vs ‘App State’ monitoring
•  Designing a foolproof 2FA messaging architecture

Securing transactions over GSM/LTE networks (Part I) – Extending network nodes
Session 5 (55 minutes)

•  Extending & Integrating GSM/LTE nodes into Core Banking Architecture
•  Case studies – How two banks in the Pacific integrated GSM/LTE nodes into their core Banking architecture

Securing transactions over GSM/LTE networks (Part II) – A ‘Big Data’ design
Session 6 (55 minutes)

•  A model for using ‘Big Data’ for Mobile Financial Services Cyber-security,
•  Thoughts on Privacy, Security and Customer Data
•  Conclusion

 On-line Quiz – 30 minutes

This cyber-security course is constantly updated to reflect the needs of evolving security threats to mobile banking. This Course is only available online, so kindly get in touch to find out how to register, cost and when the next available course is run. Fill in the form, and we will send you all the details including Course Director Biography, course dates, times and related information