When it comes to fraud and identity theft, one rule remains constant - fraudsters will follow the money. As mobile devices are ramping up incidents of mobile virus and mobile malware are likewise on the upswing.

New research from TowerGroup finds that 2007 will be the year that new banking and payment initiatives in the mobile channel will be increasingly targeted by those engaged in fraud and identity theft, with the goal of infecting or otherwise compromising mobile devices.

These targets will include deployments where a mobile device acts as >a credit or debit card.  Like malicious software (or "malware") in the wired world, mobile viruses are small programs that infect a host device. While most mobile phones are potential targets, smart phones and wireless PDAs as particularly attractive to fraudsters given their advanced capabilities to support PC-like applications including Web browsing and instant messaging.

TowerGroup believes that current mobile commerce initiatives emerging from the financial services >industry lack a reasonable and justifiable focus on mobile malware.

Highlights from the findings include:

• - TowerGroup estimates that employees within 80% of U.S. financial institutions are already using smart phones, including the BlackBerry, in a mix of professional and personal capacities.
• - As the mobile channel continues its rapid growth, the complexities >surrounding security, including identity theft, consumer privacy and fraud, are exponentially increasing.
• - TowerGroup recommends that financial services institution CIOs and IT managers take the following steps to protect against virus attacks on mobile devices, and infiltration of these viruses into institutional computer networks and databases:
• * Create enforceable policies regarding mobile usage that are communicated to employees, including what type of mobile downloads are safe and allowable
• * Require wireless carriers serving an institution on an enterprise level to install and monitor mobile safeguards
• * Restrict the use of personal mobile phones that can be used for corporate activities, mirroring the security and protocols now in place for PCs
• * Evaluate which combinations of network and device based security solutions represent the right fit for the institution - and prioritize their deployment