In today's world, people can do almost anything with their smartphones or tablet devices. From checking email, to staying connected via social media, to turning off the lights in the house while out on the town, people rely heavily on their handheld devices. There's one trend, however, that has many smartphone owners worried: mobile banking.
According to the Federal Reserve, only 21 percent of mobile phone users have used mobile banking applications in the past year. Yet most major financial institutions have mobile applications available for popular mobile phones. So why is only one in every five smartphone users utilizing those apps? Fear.
A recent study by Google found that many customers are worried about mobile banking security. This is mostly due to a misunderstanding or lack of knowledge of mobile banking security. Regardless, without confidence in security, people are not willing to interact with their life savings on their mobile phones.
Helping users lessen their fears should be a priority for financial institutions. As more users take advantage of mobile banking, financial institutions will be able to improve customer "stickiness," cut costs with automation and attract the unbanked into their electronic fold. To help alleviate mobile banking fears, financial institutions must help educate customers on the security used for mobile banking apps and explain how customers are protected.
Most users want easier and more convenient access to their bank accounts, but they are not aware of how safe it is to use a mobile banking app. In reality, banking via a mobile app is as safe as walking into a bank and interacting directly with a teller, and it is actually much more secure than banking through a browser on a personal computer. Why? Because banks can control the security on an app much easier than through a browser.
When customers use their browser to do their banking, they leave themselves open to malware and man-in-the-middle attacks. As we've seen in recent bank breaches, hackers can gain valuable information about users' bank login credentials, even their two-factor authentication credentials in some cases, by keylogging and stepping in between a user and his or her bank's website. Even when a bank has strong security, if users' computers are infected with malware or a virus, they may be vulnerable to attack. This same threat is also possible on mobile browsers.
The Security of a Mobile App
Mobile apps, on the other hand, provide a direct link from the device to the bank, without having to go through any additional browser or third-party application. This means banks have much better control over the security and connection of customer interactions. Because these apps are built specifically for a particular bank and its customers, the bank can provide a secure connection using SSL encryption and two-factor authentication that meets the institution's unique needs.
A consumer may ask: "What if someone gets a hold of my phone? Can't they then access my account?" Even if someone is able to obtain a customer's phone, they will still be required to put in a username and password, and if available, provide a second factor of authentication, in order to gain access to the accounts.
[Will EMV Prevent ATM Fraud?]
Along with these two factors of authentication, many banks have started implementing a third method of security: a profile of a customer's actions. Banks and other financial institutions are able to monitor a customer's actions when banking via a mobile app, creating a profile of those interactions. Thus, if someone gains access to customers' accounts via their mobile devices and begins interacting differently with the bank than they normally do (e.g., transferring large amounts of money or sending money to outside accounts), red flags will begin to fly. In such cases, banks will contact the customers to verify that they are the ones initiating the transactions, before allowing the money to be moved. This allows a customer to confirm the transfer, or request a lock on the account. Most banks require verbal passwords during these phone calls, so if the bank calls the phone that is being used to access the account, the person with your phone will not be able to continue their actions.
Another plus to using a mobile application is the fact that most smartphones and tablets can now be cleared or reset from remote locations. Thus, if someone steals or obtains a mobile device, the customer can use his or her computer or any other device with an Internet connection to clear any data and apps from the device, eliminating the possibility that someone else can use the phone to access the customer's account.
As financial institutions help customers better understand these security measures and the safety associated with using a mobile banking application, they can help alleviate the fears these customers experience. Customers are comfortable using personal computers and browsers because they are aware of the security available. They also are comfortable using bank websites because they assume the site is correct, especially when there are features to the site that show it is the bank's (such as the bank's branding).
As customers become more familiar with mobile banking app security and learn to trust a bank's mobile app brand, they will be more willing to use these tools. Pretty soon, customers will be just as willing to use a mobile banking app as they are an ATM, benefiting both the customer and the bank.
Tim Matthews is senior director of product marketing for Symantec's information protection team. He is responsible for setting product positioning and marketing strategy for data loss prevention, authentication and encryption solutions protecting hard disks, removable media, email, shared files and other critical data.