08:26 AM
Ivan Schneider

5 Critical Strategies for Mobile Banking Security

To the best of their ability, banks need to ensure that their services are available and secured within any mobile phone configuration. Because absolute security is nearly impossible to attain in the mobile world, banks’ back-end systems have to be prepared to detect anomalies and fraudulent activity in the event that a front-end channel has been compromised.


Increasingly, downloaded mobile apps have become the primary mobile interface between financial institutions and their customers. Still, older approaches remain in wide use. Prior to the runaway success of the iOS-powered Apple iPhone, non-Apple customers tended to use either SMS messaging for simple informational requests or the built-in WAP mobile browser, which is capable of rendering PC-oriented websites for smaller mobile screens.

SMS text messaging offers only limited capabilities for mobile banking, due to the asynchronous communication mode and restricted character count per message. Accordingly, SMS is best used for requests such as balance inquiries and finding the nearest ATM. However, balance inquiries are the most common usage for mobile banking, according to the Fed study cited in the introduction. If financial institutions hope to drive further adoption of mobile so as to shift transactions away from more-expensive channels, the replacement technology has to be just as easy to use.

Mobile banking access through a WAP-enabled browser is still commonly supported by some of the largest banks and credit unions, observes Mercator’s O’Brien. The problem with the WAP approach is that browser security largely depends on the security of the network being used. If the user communicates directly through a cell phone tower, that’s probably safe enough. But if someone has enabled WiFi and visits a bank website through a public hotspot, personal information can be captured through a “man-in-the-middle” attack.

“On an open network, someone may be able to intercept the communication and then make it appear that they are a legitimate process to the other side,” explains O’Brien. “Be aware of basic mobile phone protocol – don’t use an unsecured network in a retail store or a restaurant to access private information.”

Banks are far more capable of controlling the end-to-end session through a custom-developed, downloadable mobile application. Even so, downloading an application involves its own potential pitfalls. Aite Group’s Julie Conroy-McNelley spoke with a financial institution that, in a single 30-day period, requested the removal of over 200 rogue apps from one of the app stores.

That’s why it’s not enough to just provide an app to customers. Financial institutions also have to train those customers on how to find and download the correct app. “Make sure you download your banking apps from trusted sources,” Conroy-McNelley advises bank customers. “Go to your bank’s website. If they have a mobile app, it’ll be available from there.”

Once the real application has been installed, the periodic application update process ensures that customers have the most current levels of protection. The mobile application can also enforce security best practices, such as preventing passwords from being stored in the application or deprecating the application's functionality after a given time has elapsed.

[Next: 3. Evolution of Out-of-Band Form Factors: One-Time Passwords]

Comments
pjauregui,
User Rank: Apprentice
12/12/2013 | 4:15:56 PM
re: 5 Critical Strategies for Mobile Banking Security
Mobile developers still need to play their part by building and maintaining secure mobile banking apps.

Results from a recent study reveal that 8 out of 10 mobile banking apps contain build and configuration setting weaknesses. While the issues identified are merely informational in terms of risk, they do provide insight into the state of mobile development practices among leading megabanks, regional banks, and credit unions: in short, basic security best practices are not being followed.

Download full report: http://www.praetorian.com/prom...
Natalie McCaughin,
User Rank: Apprentice
3/8/2013 | 10:00:36 PM
re: 5 Critical Strategies for Mobile Banking Security
I think people have become really comfortable purchasing online and assuming companies are providing some level of protection. As a consumer, it's important to remember that your online security is sometimes not in your control - I was reading this blog and it was an interesting read on how to protect yourself even if you have been hacked: http://blogs.mcafee.com/consum...
Rock_Star,
User Rank: Apprentice
7/25/2012 | 3:40:23 PM
re: 5 Critical Strategies for Mobile Banking Security
I depend a lot on shopping online and have always been concerned about the risk of exposing my credit card information. A must have is asking users to telesign in to complete a transaction by using 2FA. I am not sure why not all companies use this, in fact I feel suspicious when an online store doesn't ask me to telesign in, now it just feels as if they are not offering enough protection.