Securing mobile banking apps - Mobile World Live

Securing mobile banking apps

01 NOV 2010

By Mike Warriner, CTO, Intelligent Environments This first appeared on Mobile Apps Briefing

Financial institutions regularly cite security as a barrier to the delivery of mainstream mobile services to the market. Indeed, in today’s world of direct banking via mobile and the internet, the consumer is becoming increasingly aware of the security risks that exist.

Online security breaches can garner high profile publicity which not only heightens consumer fears but also highlights to banks the significant reputational damage that can result from a security issue. For the app developer, an acute understanding of the critical nature of security in the financial services industry has to be a given. Indeed, while mobile banking apps are in their infancy, it is critical to ensure that developers and financial institutions get it right first time and the customer experience is positive.

The good news for mobile banking uptake is that there is evidence to show consumers are becoming more confident in mobile banking services as their familiarity with mobile apps and instant account access increases. In a recent YouGov survey commissioned by IE, 61 percent of UK adults stated that security concerns would not prevent them from using mobile banking. Furthermore, Morgan Stanley predicts in its Internet Trends report that accessing the web via a mobile device will overtake desktop internet by 2015.

The dynamic nature of security threats

In comparing the online security threats aimed at financial institutions, we have seen a rapid evolution in the type of threats posed. As each individual breach is protected against, a different one emerges as the fraudster continues to target the weakest link.

As more and more services are delivered through mobile web and mobile applications, security experts predict that there will be a sharp increase in the number of trojans and malware targeting the mobile, paralleling the internet.

Developers can apply the lessons learned from internet banking to help mitigate security breaches via the mobile channel. They must ensure that they work closely with security experts within financial institutions to create the strongest security for mobile banking apps. Mobile banking applications should also be regularly updated to ensure ongoing customer protection.

The three security questions that app developers must be aware of…

Consumers generally have three main areas for concern when it comes to financial data security. App developers must know about these and bear them in mind when working with financial institutions to develop mobile banking solutions:

  1. How do I know this app came from my bank?
  2. How can I use a secure sign in that is also not too time consuming and lengthy?
  3. How do I know that the data on my mobile banking app is safe?

There is no single trusted distributor of apps across all phone platforms. This means that app developers must work with trusted technology partners that can add credibility to the app they are creating. It is also up to all stakeholders involved in bringing new apps to market to educate consumers on the security settings. Mobile applications can cryptographically secure your data which means that all a user needs to do is prove that they are authorised to use the app with a simple but secure password. It is also critical for app developers to incorporate a remote blocking feature that can disable mobile banking should the phone be lost or stolen.

Will security impede mobile banking app developers?

It’s clear that the threat of malicious activities aimed at mobile consumers will never go away and that these threats should be tackled proactively. However, mobile applications and services may be more secure than many realise and, in the case of smartphone apps, they offer a degree of security in advance of the online world.

Education is key to this challenge – security is a topic which should no longer be taboo. While it is not the developer’s responsibility to educate consumers on the security of mobile banking, they can support financial institutions and mobile operators in their efforts to take visible steps to allay fears.

For example, obvious security features, such as password and even biometric authentication, give customers peace of mind as they feel they themselves are acting to secure their details.

With relationships between handset manufacturers, operators and financial institutions still forming, it is important that developers present solid applications that house all security requirements within the app. This will help to move financial institutions on from the planning to the rollout phase in mobile banking delivery.


Mobile World Live

Mobile World Live is the online service dedicated to providing the mobile industry with daily news coverage & analysis of the biggest global market developments.

Read more