Online phishing has become a very serious problem and the root of the problem is the fact that the majority of computer users are not very technically savvy. Thus they fall easy prey to phishing attacks since they lack the instinct to check things such as a web browser's site address or security certificate. However even technically savvy users are falling victims with attacks such as the online banking re-write attack. In this attack cybercrooks are hiding evidence of a victim's diminishing bank balance by rewriting the online bank statements on the fly within the web browser!

As mobile banking becomes ever more popular it will most definitely be subject to similar attacks. The damage will likely be more severe since the penetration rates of mobile phones are higher than computers, and the average user is less familiar with a phone's extended features to be able to spot a potential attack.

The good news is that the emergence of the native application and AppStore model being used by most smart phone manufacturers may inadvertently provide protection against such attacks in mobile banking. If mobile banking functionality is ONLY delivered through a dedicated phone application (downloaded and verified from the smartphone AppStore) then the possibility of phishing attacks and interceptions is greatly reduced. Users would not have to be tech savvy to protect themselves since they will be accustomed to only being able to access their mobile banking channel through this authorized application. The application itself would incorporate the necessary communication security to prevent interception and hacks. Of course the user is still susceptible to attacks where a phone virus would overwrite/replace the mobile banking app but one would hope that phone OS manufacturers would not expose this type of vulnerability.

This inherent security may be a compelling reason why mobile banking providers should avoid simpler channels such as WAP, SMS or mobile web browsing altogether.