5 Critical Strategies for Mobile Banking Security

To the best of their ability, banks need to ensure that their services are available and secured within any mobile phone configuration. Because absolute security is nearly impossible to attain in the mobile world, banks’ back-end systems have to be prepared to detect anomalies and fraudulent activity in the event that a front-end channel has been compromised.
July 20, 2012


By 2013, one-third of mobile phone users are expected to use mobile banking services. Already, one out of five Americans accesses financial information through a mobile phone, according to March 2012 research conducted by the Federal Reserve Board’s Division of Consumer and Community Affairs.

Yet the increasing use of mobile financial services has been accompanied by increased risk. According to Javelin Strategy’s 2012 Identity Fraud Report, smartphone owners are one-third more likely to have been victims of identity fraud in the past year. In part, these wounds are self-inflicted by smartphone owners who use outdated software, fail to use a home screen password or, most disturbingly, store their passwords as plain text on their mobile devices. The most advanced password protection in the world is no protection against someone who insists on saving his or her login details on an unprotected notebook page. It’s the mobile version of writing your password on a Post-It note attached to your monitor, made worse by the ease of losing a mobile device.


BS&T examines the rapid take-up of the mobile channel, the parameters of the security challenge, the common approaches taken by financial institutions to combat fraud, and the overall benefits of a multi-layered, multi-factor approach to mobile security and fraud prevention.

Because regulations generally protect consumers from monetary loss in the case of online fraud, it’s not surprising that industry leaders say that they’re more concerned about fraud than their customers are. In a 2011 KPMG survey of business leaders in the financial services, technology, telecom and retail industries, security was viewed as the chief obstacle to the development of mobile payments strategies. By contrast, the same respondents believe consumers are much more interested in convenience, accessibility and ease of use.

Banks have to get both parts right. Mobile devices are designed for usability, with pared-down user interfaces and input options. Customers expect ease-of-use and seamless operation, and these factors have to be combined with effective security practices that maintain competitive parity with industry peers while meeting or exceeding regulatory requirements.

As more customers take to the mobile channel to perform higher-value activities, the threat of fraud increases. “Phones are little computers, facing the same malware threat that exists online,” says Julie Conroy-McNelley, research director for Aite Group’s retail banking practice. “Banks are very aggressively pushing higher-risk functionality out to mobile and tablet devices, and the fraud will follow.”

A truly comprehensive approach to mobile security involves security measures at up to five different points:

— The back end, with risk-based authentication and anomaly detection that examine requests for unusual or unexpected activity

— The application itself, which can contain multiple security features

— Out-of-band authentication, which relies on a separate device rather than just the smartphone itself

— The mobile operating system, which may offer security-oriented characteristics and settings

— The hardware, which might include layers of security beyond what a mobile OS can offer by itself

Based on interviews with leading industry analysts from Forrester Research, Mercator Advisory Group, Aite Group and ABI Research, this special report reviews the state of the art and discusses promising avenues for development for each of these five areas. The rapid pace of growth in the mobile banking and payments industries combined with the threat of fraud points to likely innovation at each of these levels, turning today’s R&D into tomorrow’s reality.
