News

08:26 AM
Ivan Schneider
Ivan Schneider
Slideshows
Connect Directly
RSS
E-Mail
50%
50%

5 Critical Strategies for Mobile Banking Security

To the best of their ability, banks need to ensure that their services are available and secured within any mobile phone configuration. Because absolute security is nearly impossible to attain in the mobile world, banks’ back-end systems have to be prepared to detect anomalies and fraudulent activity in the event that a front-end channel has been compromised.
Previous
1 of 7
Next


By 2013, one-third of mobile phone users are expected to use mobile banking services. Already, one out of five Americans accesses financial information through a mobile phone, according to March 2012 research conducted by the Federal Reserve Board’s Division of Consumer and Community Affairs.

Yet the increasing use of mobile financial services has been accompanied by increased risk. According to Javelin Strategy’s 2012 Identity Fraud Report, smartphone owners are one-third more likely to have been victims of identity fraud in the past year. In part, these wounds are self-inflicted by smartphone owners who use outdated software, fail to use a home screen password or, most disturbingly, store their passwords as plain text on their mobile devices. The most advanced password protection in the world is no protection against someone who insists on saving his or her login details on an unprotected notebook page. It’s the mobile version of writing your password on a Post-It note attached to your monitor, made worse by the ease of losing a mobile device.


BS&T examines the rapid take-up of the mobile channel, the parameters of the security challenge, the common approaches taken by financial institutions to combat fraud, and the overall benefits of a multi-layered, multi-factor approach to mobile security and fraud prevention. To read more, download our special report.

Because regulations generally protect consumers from monetary loss in the case of online fraud, it’s not surprising that industry leaders say that they’re more concerned about fraud than their customers are. In a 2011 KPMG survey of business leaders in the financial services, technology, telecom and retail industries, security was viewed as the chief obstacle to the development of mobile payments strategies. By contrast, the same respondents believe consumers are much more interested in convenience, accessibility and ease of use.

Banks have to get both parts right. Mobile devices are designed for usability, with pared-down user interfaces and input options. Customers expect ease-of-use and seamless operation, and these factors have to be combined with effective security practices that maintain competitive parity with industry peers while meeting or exceeding regulatory requirements.

As more customers take to the mobile channel to perform higher-value activities, the threat of fraud increases. “Phones are little computers, facing the same malware threat that exists online,” says Julie Conroy-McNelley, research director for Aite Group’s retail banking practice. “Banks are very aggressively pushing higher-risk functionality out to mobile and tablet devices, and the fraud will follow.”

A truly comprehensive approach to mobile security involves security measures at up to five different points:

— The back end, with risk-based authentication and anomaly detection that examine requests for unusual or unexpected activity

— The application itself, which can contain multiple security features

— Out-of-band authentication, which relies on a separate device rather than just the smartphone itself

— The mobile operating system, which may offer security-oriented characteristics and settings

— The hardware, which might include layers of security beyond what a mobile OS can offer by itself

Based on interviews with leading industry analysts from Forrester Research, Mercator Advisory Group, Aite Group and ABI Research, this special report reviews the state of the art and discusses promising avenues for development for each of these five areas. The rapid pace of growth in the mobile banking and payments industries combined with the threat of fraud points to likely innovation at each of these levels, turning today’s R&D into tomorrow’s reality.

[Next: 1. Back-End Booster Shot: Risk-Based Authentication]

Previous
1 of 7
Next
Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
pjauregui
50%
50%
pjauregui,
User Rank: Apprentice
12/12/2013 | 4:15:56 PM
re: 5 Critical Strategies for Mobile Banking Security
Mobile developers still need to play their part by building and maintaining secure mobile banking apps.

Results from a recent study reveal that 8 out of 10 mobile banking apps contain build and configuration setting weaknesses. While the issues identified are merely informational in terms of risk, they do provide insight into the state of mobile development practices among leading megabanks, regional banks, and credit unionsG«Ųin short, basic security best practices are not being followed.

Download full report: http://www.praetorian.com/prom...
Natalie McCaughin
50%
50%
Natalie McCaughin,
User Rank: Apprentice
3/8/2013 | 10:00:36 PM
re: 5 Critical Strategies for Mobile Banking Security
I think people have become really comfortable purchasing online and assuming companies are providing some level of protection. As a consumer, its important to remember that your online security is sometimes not in your control - I was reading this blog and it was an interesting read on how to protect yourself even if you have been hacked: http://blogs.mcafee.com/consum...
Rock_Star
50%
50%
Rock_Star,
User Rank: Apprentice
7/25/2012 | 3:40:23 PM
re: 5 Critical Strategies for Mobile Banking Security
-ŠI depend a lot on shopping online and have
always been concerned about the risk of exposing my credit card information. A
must have is asking users to telesign in to complete a transaction by using
2FA. I am not sure why not all companies use this, in fact I feel suspicious
when an online store doesn't ask me to telesign in, now it just feels as if
they are not offering enough protection.
Register for Bank Systems & Technology Newsletters
White Papers
Current Issue
Bank Systems & Technology - August 2014
Modern core systems are emerging as the foundations of effective channel integration and customer engagement initiatives.
Slideshows
Video