Here’s a problem. Surveys repeatedly indicate that a sizeable percentage of consumers doubt the security of mobile banking and payments, mindful of the wealth of personal information stored on their phones and suspicious of assurances that their data and money are adequately protected from mobile attack.

The Federal Reserve Board’s Consumers and Mobile Financial Services 2014 report says that of U.S. consumers who do not use mobile banking – a cohort still comfortably in the majority – 69 percent cited security as the primary reason for not doing so. Of those who do not make payments using their phones, 63 percent gave “fears over the safety of the channel” as the reason. Even early adopters of mobile banking often limit their activities to checking their account balances or recent transactions, shying away from money transfers or payments.

The irony here is that, as worried as consumers are about safety, they also report feeling frustrated by the security measures already in place to protect them on this channel.

Mobile functionality promises consumers casual, on-the-go convenience and instant accessibility like few technologies have ever done. On the other hand, small screen sizes and keypads, fluctuating download speeds, limited functionality and still immature user interface design can present hurdles that users of desktop computers do not face. Add to the mix obstructions that are intended to keep their accounts safe from intruders, and the entire experience can begin to feel too onerous.

Mobile users want an easy-to-use, low-friction interaction that lets them execute transactions quickly, with a minimum of taps and keystrokes, and little additional fuss. Whether at a restaurant, on a train, or on the couch watching television, they don’t want to type in one-time passwords (OTPs) or answers to challenge questions, or carry a second device, such as a hardware token.

For financial institutions to boost mobile banking adoption, unlock the channel’s enormous potential and remain relevant in the era of mobile technology, it is important to design a secure mobile banking service that scores highly on user experience.

Easier said than done?

Here’s how to do it

There are four steps banks can take to provide next-generation mobile banking security, build trust in the channel, improve usability and drive customer engagement and loyalty.

  1. Avoid reliance on SMS, OTPs and native device security

Eliminate any technology that relies on OTPs, which are easily compromised; SMS message delivery, which is doubly vulnerable; and native mobile operating system device security, found time and again to be riddled with flaws.

  2. Harness the power of public-key infrastructure on the mobile

Deploying industry-standard digital certificates to mobile phones and tablets allows them to be uniquely identified, transforming them into reliable second factors of authentication. Each certificate positively identifies a device, confirming a user’s identity when logging onto the mobile banking app without them having to enter OTPs or answers to challenge questions, or rely on non-authoritative device fingerprinting techniques.

  3. Build a second, secure channel for user and transaction authentication

End-to-end encryption of data substantially limits the chances of it being accessed or modified in transit. For truly secure user and transaction authentication on the mobile device, implement a separate, bi-directional channel between bank servers and users’ mobile devices. This second, encrypted channel to the user can provide out-of-band, two-factor authentication on one device, without users even having to switch apps.

  4. Take a layered approach to boost security for high-value, high-risk transactions

Additional components or factors can also be used to augment and further strengthen security for high-value transactions. These might include PINs, contextual data and biometrics.
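
How a device-held key can replace a typed OTP for the user and transaction authentication described in steps 2 and 3, as an added sketch that is not Entersekt's code or protocol. Assumptions: a bare EC public key registered at enrollment stands in for the device certificate, and every function name, device ID and transaction value is constructed.

```javascript
const crypto = require('crypto');

// Enrollment: the device generates a key pair and the bank records the public half.
// Assumption: a real deployment would issue an X.509 certificate for this key.
function enrollDevice(registry, deviceId) {
  const { publicKey, privateKey } = crypto.generateKeyPairSync('ec', { namedCurve: 'prime256v1' });
  registry.set(deviceId, publicKey);
  return privateKey; // never leaves the device
}

// Bank side: bind a fresh, short-lived nonce to the exact transaction details.
function issueChallenge(pending, deviceId, tx) {
  const c = { deviceId, tx, nonce: crypto.randomBytes(16).toString('hex'), expires: Date.now() + 60000 };
  pending.set(c.nonce, c);
  return c;
}

// Canonical bytes that the device signs and the bank rebuilds independently.
function canonical(c) {
  return Buffer.from(JSON.stringify([c.deviceId, c.nonce, c.tx.payee, c.tx.amount, c.tx.currency]));
}

// Device side: sign exactly what was displayed to, and approved by, the user.
function approveOnDevice(privateKey, challenge) {
  return crypto.sign('sha256', canonical(challenge), privateKey).toString('base64');
}

// Bank side: verify against the stored challenge, never against details echoed by the client.
function verifyApproval(registry, pending, nonce, signatureB64) {
  const c = pending.get(nonce);
  pending.delete(nonce); // single use, so a captured approval cannot be replayed
  if (!c || Date.now() > c.expires) return { ok: false, reason: 'unknown-or-expired-challenge' };
  const pub = registry.get(c.deviceId);
  if (!pub) return { ok: false, reason: 'unknown-device' };
  const ok = crypto.verify('sha256', canonical(c), pub, Buffer.from(signatureB64, 'base64'));
  return ok ? { ok: true, tx: c.tx } : { ok: false, reason: 'bad-signature' };
}

// Constructed walk-through: a genuine approval, then the same approval presented again.
function demo() {
  const registry = new Map(), pending = new Map();
  const key = enrollDevice(registry, 'device-1');
  const ch = issueChallenge(pending, 'device-1', { payee: 'ACME', amount: '250.00', currency: 'USD' });
  const sig = approveOnDevice(key, ch);
  const first = verifyApproval(registry, pending, ch.nonce, sig);
  const replay = verifyApproval(registry, pending, ch.nonce, sig);
  return { first, replay };
}
```

Because the signature covers the payee and amount, an approval obtained for one set of details fails verification for any other, which a bare OTP cannot guarantee.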

Want more detail? For more information on this important topic, download Entersekt’s complimentary white paper, Securing the Mobile Banking Channel.


Entersekt editor
