Hi All,

Please join us tomorrow for a presentation by Sam Castle on his ongoing PhD
research here at UW.  Sam will be talking about fraud in the digital
financial service ecosystem of emerging markets.

*What: *Sam Castle - Addressing the Challenges of Fraud in Financial
Servicesfor Emerging Digital Economies
*When: *12pm, Tuesday February 14
*Where: *CSE 203


*Abstract*
According to the World Bank, more than 2 billion people worldwide have no
access to any financial services. In the developing world, where
traditional banking infrastructure is limited, 8 out of 10 people now own a
mobile phone, which can be used to save, send, and borrow money. Where
there is money, there must be security, yet prior work on mobile money
identified discouraging vulnerabilities in the current ecosystem. We assess
these security concerns from two directions: (1) the risk introduced by
existing vulnerabilities and (2) the actual exploits which occur in
practice. We begin by defining a systematic threat model for this domain
and applying it throughout our work. To understand existing
vulnerabilities, we conducted a large-scale analysis of 197 current Android
deployments and examined 71 products in more detail. After detecting
substantial potential vulnerabilities, we interviewed 7 software developers
in Africa and South America to investigate the root causes of !
 these issues. We found that competent developers consistently lack
relevant security tools, and we propose a way forward for designing such
tools. In parallel research we attempted to measure the prevalence of
exploits occurring in practice. Based on anecdotal evidence from users,
mobile operators, and news sources, social engineering is the most common
attack on mobile money users. We collected a new corpus of data on phishing
over SMS, and we present an initial evaluation of this phenomenon with
proposals to mitigate the risk of fraud.
_______________________________________________
change mailing list
change@change.washington.edu
http://changemm.cs.washington.edu/mailman/listinfo/change

Reply via email to