The world has enthusiastically embraced mobile technology. Within a few short years, mobile applications have become a staple of daily life, serving as sources of information, productivity tools or entertaining ways to pass the time. It did not take long for the financial services industry to spot mobile’s potential. They moved quickly to roll out mobile banking apps, and retail banking customers were quick to take advantage of the time-saving convenience and accessibility the apps offered.
Doubts over mobile security have, however, kept a sizeable percentage of consumers from adopting mobile banking. Security concerns have also caused banks themselves to hesitate offering a full range of financial services through the mobile channel. But what are the particular vulnerabilities affecting this channel and how serious are they? Here are six significant threats facing the mobile banking channel today.
1. Poor mobile app design and configuration
Mobile banking apps tend to be safer than banking using a mobile browser, but a growing number of data breaches and security incidents can be linked directly to poor code quality in banking apps. Every mobile platform has its own quirks that developers must accommodate, and each device presents a unique set of challenges to overcome. Mobile app developers do not always understand today’s risks and most are not up to the task of securing mobile data, connections, and transactions.
2. Operating systems’ cryptographic vulnerabilities
Mobile banking apps often lack adequate implementation of SSL or certificate validation. SSL (Secure Sockets Layer) and TLS (Transport Layer Security) are the most important digital security protocols in use today, used to establish encrypted links between computers and servers and to ensure that any server is what it purports to be, thus helping to prevent phishing and man-in-the-middle attacks.
3. Mobile malware’s explosive rise
Mobile malware often takes advantage of software bugs and vulnerabilities. Hackers and cybercrime syndicates are doing everything possible to exploit the situation with thousands of new mobile banking trojans and hundreds of thousands of other malicious programs.
4. The weakness of mobile device identity
Mobile devices share an important characteristic: they are very hard to tell apart. The problem is their weak “device fingerprint.” Device fingerprinting involves gathering information about a remote computing device in order to identify it uniquely. Once fingerprinted and added to a database, the device can be recognized in the future for a wide range of purposes, including preventing fraud and protecting against account takeover.
5. Flawed authentication with OTPs
Mobile banking fraud centers on fraudsters’ attempts to obtain confidential login information – including passwords, PINs, and token codes – to gain access to accounts. Banks must reliably authenticate users accessing the mobile channel. Two-factor authentication in mobile banking has typically relied on the one-time password (OTP), which, apart from the poor user experience it offers on mobile, is no longer effective in stopping account takeover fraud.
Entersekt's Customer Authentication solution offers omnichannel authentication with unrivalled user experience.
6. Insufficient oversight of a fast evolving ecosystem
The lack of sufficient government oversight of this fast evolving ecosystem raises concerns for the industry and consumers alike. While the FFIEC (Federal Financial Institutions Examination Council) has issued ample guidance on online banking security, it has not addressed authentication and identification controls on mobile. There has been speculation that the FFIEC will issue guidance in this area soon. In the meantime, other bodies have stepped into the breach and developed guidelines for financial institutions that address aspects of mobile banking security.
Consumers need mobile banking that balances security and convenience
In order for financial institutions to prosper in the mobile era, it is imperative that they build trust in the mobile channel. However, security cannot compromise usability. Ease of use, or the lack thereof, is another important factor hindering adoption, as countless surveys indicate.
Competition is tougher than ever before in today’s financial services marketplace. There has never been a more important time for financial institutions to differentiate themselves through technological innovation. They must recognize and respond to their customers’ concerns and provide positive mobile banking experiences that balance heightened security and convenient access.
Find out how bankers can counter these threats. Read our white paper, Securing the Mobile Banking Channel.