With seven billion mobile phone subscribers globally, it’s imperative the financial services industry move quickly to roll out retail and corporate banking services on the one device their customers always have with them: their mobile phone. The channel has enormous potential, but many banks have hesitated to offer a complete range of financial services through it because of concerns over security. This is especially true for high-value, high-risk transactions, such as wire transfers, ACH or stock trading.

To help educate the industry and put these fears to rest, Entersekt recently teamed up with veteran information security expert John Haggard, vice president of operations at Syntegrity Networks, to discuss the value of leveraging the computing power and connectivity of the mobile device to provide secure banking anywhere, anytime.

During the webinar, Haggard and Entersekt’s chief technology officer, Christiaan Brand, addressed the following:

  • Balancing security and customer convenience 
    • Mobile malware is increasing in frequency and sophistication. Trend Micro predicts malicious and high-risk app volume to reach three million by the end of 2014. In banking, these agents typically target SMS one-time passwords (OTPs) or the voice channel, intercepting and redirecting calls and text messages.
    • Bank customers are concerned about mobile banking security, but they are also frustrated by the poor user experience associated with current security measures.
    • Mobile users want a user-friendly, low-friction interaction, enabling them to execute transactions quickly and with little fuss: no typing OTPs, answering challenge questions or carrying a second device, like an OTP hardware token or USB device
  • Mobile banking app best practices 
    • Harness the power of public-key infrastructure to positively identify the user’s mobile device with a unique digital certificate and encrypt all messaging between the mobile device and financial institution
    • Avoid reliance on compromised native device security by using a self-contained crypto and certificate store
    • Build a second, secure channel to the user in order to provide out-of-band, two-factor authentication on one device, without users even having to switch apps
    • Take a layered approach to boost security for high-value, high-risk transactions
    • Avoid SMS for its susceptibility to fraud and poor user experience
    • Use mobile-specific features to aid the user – push authentication requests to the device and provide a one-touch Accept/Reject experience
    • Reduce keystrokes – yet another reason to avoid OTPs and challenge questions
  • A demonstration of how Entersekt helps banks eliminate online and mobile banking fraud while providing their customers with a truly distinctive, user-friendly experience

During the question and answer session, the following issues were also covered:

  • Compliance with FFIEC, MAS and other regulatory requirements
  • Vulnerabilities of various phone types
  • Native mobile operating system security
  • Fingerprint biometrics and TouchID
  • Integration
  • Fraud analytics
  • Invalidating a device



Entersekt editor
