The smartphone is one of the most popular products because it is feature-rich and easy to use. Its features let users easily obtain the information they need, and a variety of mobile commerce applications have come into being as a result; mobile banking is one of them. Through the mobile banking system, consumers can transfer money, trade funds, and access financial information and everyday-life information. Consumers expect the convenience of the smartphone, but it connects to the bank host over wireless telecommunications networks and the Internet, which raises security-related issues. The mobile banking system is exposed to the Internet and the wireless telecommunications network. Customers have to be aware that these systems can be attacked by hackers, Trojan horses, denial-of-service programs or viruses, and can also become a channel through which viruses, Trojans and other threats spread. They are also vulnerable to theft of confidential information, tampering with files, and damage to systems by interested parties. How to ensure the security of mobile banking transactions has gradually become an important issue. This study aims to improve mobile banking transaction security and the level of information security risk management by assessing mobile banking system security against the international standard ISO/IEC 27001:2005, and to provide advice and compensating control measures for the protection of personal data, as well as for outsourcing and internal control. The study recommends implementing regular customer satisfaction surveys, which will help to find related problems, to take the necessary control measures, and to enhance the information and communication security of mobile banking.

The study's main findings are as follows. (1) The threat to the smartphone mobile banking system comes mainly from personnel inside the organization. The control measures proposed by information security standards can be used to ensure appropriate controls. (2) The most important information assets of mobile banking include the consumer's ID and password, the mobile banking systems, and host management. The bank should apply more controls to those assets to lower the risk. (3) Insufficient controls on important information assets of the mobile banking system, such as the off-site / local backup system, mobile banking ID / password management, host management permissions, and log server management, should be addressed on the basis of the control measures proposed by ISO 27001. As a result, consumers can use financial services in a safe, easy-to-use environment.