Mobile banking applications are becoming the wave of the future, but if they are not constructed securely, they could allow hackers to hijack your customers' accounts. That doesn't mean you should forgo mobile banking.
When designing a mobile banking application, developers need to consider not only the application's functionality and usability but also its security. Essentially, today's smartphone is just a small computer. Thus, as more and more consumers adopt mobile banking, hackers will target the mobile device. There are six security best practices that banks should follow when developing mobile applications:
1. Make sure your organization or outside development firm uses seasoned application developers who have had secure-coding training and use a secure software development life cycle (SDLC).
2. Follow the guidance suggested by the Federal Deposit Insurance Corp. (FDIC FIL-103-2005) regarding authentication in an Internet banking environment. The guidance describes enhanced authentication methods, such as multifactor authentication, that regulators expect banks to use when authenticating the identity of customers using the bank's online products and services.
3. Make sure that you require the customer to re-enter his or her credentials after a certain time period to prevent someone other than the mobile device's owner from obtaining access to private account information.
4. Hire an information security expert to assess the security around your mobile application servers. Unfortunately, a bank's servers are often overlooked during a risk assessment, as they require a specialized skill set to test them.
5. Encrypt sensitive data that is stored on a mobile device and account data that travels from the handset across the Internet. Ensure that the encryption is implemented properly.
6. Hire a security expert to test the security of a mobile application before you implement it across your customer base.
Beau Woods is Solutions Architect for Security and Risk Consulting Services at Dell SecureWorks (Atlanta).