BankInfoSecurity reports that by 2017 there will be more than one billion mobile banking customers globally, proving yet again how transformative mobile technology continues to be in the lives of people everywhere. Of course, as the mobile banking channel takes off, so its attractiveness to cybercriminals will grow in direct proportion. 

Financial institutions are working hard to expand their mobile banking offerings to meet their customers’ expectations of convenience. In doing so, they have to strike some kind of balance between ease of use, the costs of implementation and maintenance, and most important, security. Mobile banking sites, for example, are quicker and cheaper to deploy and maintain than mobile phone applications typically are, but they often suffer from inadequate security that risks exposing users to phishing and man-in-the-middle attacks. 

As with online banking, mobile banking fraud centers on fraudsters’ attempts to obtain confidential login information – including passwords, PINs, and one-time passwords – to gain access to accounts. To stay ahead of the criminals, banks must reliably authenticate users accessing the mobile channel. 

Many authentication systems in use today score poorly with banks due to their complexity, particularly in implementation and integration. Approaches that require user-held hardware are expensive to operate and require ongoing administration and customer education. Many of the more popular systems have had a measurably negative impact on the user experience because of issues with speed and transparency. Online banking users may find one-time passwords an unwelcome inconvenience, but mobile banking users absolutely detest them.

To ensure their customers’ information and accounts remain protected, while simultaneously meeting organizational demands for efficiency, banks should investigate mutual authentication on the mobile phone. This involves both parties – the bank and their customer – verifying each other in real time, from wherever the user happens to be. 

A few years ago, the Financial Services Technology Consortium reported: 

Better institution-to-customer authentication would prevent attackers from successfully impersonating financial institutions to steal customers' account credentials; and better customer-to-institution authentication would prevent attackers from successfully impersonating customers to financial institutions in order to perpetrate fraud.

Entersekt’s patented authentication system does just that. It uses a public-key infrastructure to create a secure, out-of-band communication channel, based on mutual authentication, between a bank and its customers’ mobile devices, eliminating the need for hardware tokens or one-time passwords. All communication is encrypted end-to-end and cannot be intercepted by outside parties. The bank retains full control over registering users, and registration is independent of networks or SIM cards. This means that, if the phone is stolen, the bank can revoke the certificate, rendering the application unusable. Our mobile banking authentication solution effectively counters all phishing, man-in-the-middle/browser, keystroke logging, and number porting attacks.

For more information on how to offer a user-friendly and secure mobile banking experience, visit Entersekt’s customer authentication solution.

Entersekt editor

An avid scowler and violent sharpener of pencils, Editor’s bark is worse than her bite. Every scrap of writing that crosses her desk she treats with the same care she would her own privately published comic verse. Any orphans and misfits, she takes under her wing. After hours, she practices amateur type design and represents her local library in extreme kerning competitions.

Entersekt is an innovator of customer-centric fintech solutions. Financial services providers and other enterprises rely on our patented mobile identity system to provide both security and the best in convenient new digital experiences to their customers, irrespective of the service channel. With us, they can concentrate on their innovation roadmap, while delivering intuitive, low-friction digital experiences to their customers.