Building the business case for mobile banking security

As part of the smartphone and smart device revolution, mobile banking has become a popular method for people to manage their finances. The benefits of mobile banking are two-fold: users can bank in a more convenient manner and banks can use smartphones as a way to better engage with their customers.

Recent research by RateWatch has shown that 81% of the financial institutions surveyed are currently offering mobile banking services, which is a clear indicator of its popularity. With this in mind, it should be expected that customers will be able to conduct their banking activities on a wider range of mobile IoT-connected devices in the near future.

However, the same survey also showed that 36% of consumers are still not using mobile banking due to the perceived security risks. This, allied with an ever-evolving cyber threat landscape and the rapidly expanding Internet of Things, means that finding a way of making mobile banking more secure is crucial, says Olivier Thirion de Briel – Global Solutions Marketing director, HID Global.

Why mobile banking security is essential

Banks have worked hard to deploy effective security frameworks for traditional online banking. However, mobile banking presents its own unique challenges, including growing malware threats that specifically target the mobile channel. As a result, any attempt to leverage existing online banking infrastructure and tools will result in a much higher risk profile, unless steps are taken to adopt mobile-centric security.

There are several ways in which mobile banking presents its own unique challenges:

    • In a relatively short space of time, mobile devices along with house keys and the wallet are the three must-have items when leaving the home. With the use of mobile payments and mobile keys, there is a very real possibility that mobile devices could one day replace physical keys and wallets altogether. This means that mobile security becomes even more important in the event of device loss or theft, but also enables banks to make mobiles a core part of a user authentication strategy, due to the various features they contain. These include GPS, pressure sensors and biometrics.
    • Mobile usage is all about providing a positive user experience. As such, users expect access to apps, services and content to be seamless with strong security operating in the background as standard. This makes striking the balance between security and user experience more important than ever before.
    • As a rule of thumb, mobile devices support always-on email, SMS, browsing and a gesture-based approach to using mobile apps. This encourages users to open unsolicited emails and attachments, visit untrusted websites, download third-party apps and reuse the same login credentials across multiple sites. This makes mobile devices vulnerable to a growing array of security threats, including phishing, malware and social engineering.
    • Increasing use of unsecured Wi-Fi connections, as opposed to traditional wired networks means users are more likely to inadvertently compromise their device’s security.
    • The mobile threat landscape is evolving rapidly, with cybercriminals becoming increasingly savvy in their methods. Symantec’s 2016 Internet Security Threat Report revealed a 77% increase in the number of new Android mobile malware variants between 2014 and 2015, with malware such as XcodeGhost also enabling hackers to target Apple’s operating system.

In order to securely deliver mobile banking and payment services, and to increase user confidence in the safety of banking on their mobile devices, banks must provide multi-layered security. Their solutions must address the potential challenges that can occur throughout the transaction.

This includes challenges at both the front end (consumer devices), the back end (banking systems that recognise and facilitate legitimate user requests through mobile devices), as well as the channel connecting the front and back ends.

Olivier Thirion de Briel of HID Global

Bringing this peace of mind to users helps to drive further adoption of mobile banking, thereby bringing added revenue and profits while improving the user experience. At the same time, banks can safeguard themselves from the severe reputational impact that a data breach can have.

What a mobile banking security solution should offer

In order to ensure adequate mobile banking security measures, without compromising on the all-important user convenience, banks should look for certain key capabilities when choosing a solution:

    • Support for an integrated, multi-layered approach. Mobile banking customers expect to be kept safe, even if their behaviour is not in line with cybersecurity best practices. Solutions that utilise a wide array of authentication methods to identify the customer and provide end-to-end protection at the device, the app, the connection and the back-end server are typically the most resilient.
    • Ability to easily assign and configure multiple authentication methods to different audiences. Look for a solution that is highly configurable, supports multi-tenancy, and can apply any combination of multiple authentication methods across different banking channels, user populations and banking divisions according to role and policy. Such an approach will allow the bank to lower its cost of operations by managing all of its authentication needs from a single platform, even if it operates through numerous banking divisions and entities located globally. It will also allow customers who have multiple accounts with the bank to log on to these accounts with a single sign-on, thereby improving user experience.
    • Mobile application security. With a marked increase in malware targeting mobile apps, the best security solution should address these safety concerns. Solutions should include debugger detection, emulator detection, tamper detection and code obfuscation detection amidst other mobile application protection methods.
    • Threat intelligence gathering to spot potential problems based on risk analysis before and after they infect the system and users’ devices. The best mobile security solutions anticipate and recognise both known and emerging potential threats, and can use contextual information to correlate the threat surface against expected user behaviour, device configurations and threat profile.
    • Strengthened compliance frameworks. Compliance regulations are far more than a prescribed method for passing an annual audit. Being in compliance with requirements such as PCI strengthens the entire security chain for mobile banking, reducing risk for the banks and increasing confidence for consumers. Your chosen mobile banking solution should support compliance frameworks as integrated functions, not as add-ons.
    • Strong authentication without impacting user experience. While it makes sense to use two-factor (or more) for mobile banking security, users don’t want to spend a lot of time validating their identity and user privileges in order to check balances or make payments. Customer friction can be minimised without compromising security by running most authentication methods ‘behind the scenes’, so that user involvement via a step-up authentication is only required when absolutely necessary according to policy settings and risk profile.

Mobile banking – an essential consumer banking method

Mobile banking is here to stay and will only grow in popularity in the coming months and years, With this growth comes renewed security concerns, including the need to protect apps against the spectre of an expanding threat landscape. It is crucial for banks to focus on developing and implementing mobile security strategies to minimise exposure of customer data, financial loss as well as the reputational damage of a severe data breach.

The most effective solution for banks lies in finding a solution that provides watertight security while maintaining a positive user experience. Convenience is paramount for today’s consumers, so striking the right balance between security and experience and providing a seamless experience should be given close consideration if a bank wants to maintain its competitive advantage.

The author of this blog is Olivier Thirion de Briel – Global Solutions Marketing director – Identity and Access Management Solutions with HID Global.

Comment on this article below or via Twitter: @IoTNow_ OR @jcIoTnow

RECENT ARTICLES

Eurotech launches Everyware GreenEdgefor IoT device management

Posted on: May 7, 2024

Eurotech has introduced Everyware GreenEdge, a software formula designed to address typical challenges that occur during the onboarding and management of edge IoT devices at scale. These challenges include time-consuming

Read more
smart roads

Pairpoint, Deloitte and Nexxiot forge alliance for global cargo

Posted on: May 7, 2024

Pairpoint, Vodafone and Sumitomo Corporation’s Economy of Things business, and Deloitte and Nexxiot have joined forces to offer digital services that speed up the flow of goods worldwide. The new

Read more
FEATURED IoT STORIES
What is IoT answer

What is IoT? A Beginner’s Guide

Posted on: April 5, 2023

What is IoT? IoT, or the Internet of Things, refers to the connection of everyday objects, or “things,” to the internet, allowing them to collect, transmit, and share data. This

Read more
iot adoption

The IoT Adoption Boom – Everything You Need to Know

Posted on: September 28, 2022

In an age when we seem to go through technology boom after technology boom, it’s hard to imagine one sticking out. However, IoT adoption, or the Internet of Things adoption,

Read more

9 IoT applications that will change everything

Posted on: September 1, 2021

Whether you are a future-minded CEO, tech-driven CEO or IT leader, you’ve come across the term IoT before. It’s often used alongside superlatives regarding how it will revolutionize the way

Read more
IoT Now Enterprise Buyers’ Guide Which IoT Platform 2021

Which IoT Platform 2021? IoT Now Enterprise Buyers’ Guide

Posted on: August 30, 2021

There are several different parts in a complete IoT solution, all of which must work together to get the result needed, write IoT Now Enterprise Buyers’ Guide – Which IoT

Read more
CAT-M1 vs NB-IoT

CAT-M1 vs NB-IoT – examining the real differences

Posted on: June 21, 2021

As industry players look to provide the next generation of IoT connectivity, two different standards have emerged under release 13 of 3GPP – CAT-M1 and NB-IoT.

Read more
internet of things isometric illustration of connected things

IoT and home automation: What does the future hold?

Posted on: June 10, 2020

Once a dream, home automation using iot is slowly but steadily becoming a part of daily lives around the world. In fact, it is believed that the global market for

Read more
iot challenges and issues

5 challenges still facing the Internet of Things

Posted on: June 3, 2020

The Internet of Things (IoT) has quickly become a huge part of how people live, communicate and do business. All around the world, web-enabled devices are turning our world into

Read more