Recommendation: Think in Terms of Strategy, not Compliance
Mobile security and fraud prevention are often considered to be check-the-box compliance topics. The above discussion should make it entirely evident that a perfunctory approach to regulatory compliance is the wrong way to proceed. The fast-moving technologies, alliances and competitors in the mobile banking market will require bank executives to make careful strategic decisions on capital allocation, resource deployment and business partnerships.
As a recommendation, it would be simple to list the five security options with the suggestion that banks go to the limit with all of them. However, that’s not a viable option for resource-constrained financial institutions, which will more likely make trade-offs and place bets as to how to allocate security budgets across these five technically challenging security areas.
Some banks may decide to bet on the most sophisticated multi-channel, back-end risk-based authentication in the marketplace, with the intention of putting its mobile banking application on every handheld device in the marketplace. Others may decide to place a bold platform bet on the security capabilities of a specific operating system, allowing them to meet regulatory requirements for risk-based authentication while focusing on the mobile OS or the hardware. Still others might make a play to be the bank of the future, implementing the most forward-looking biometric technologies on the most cutting-edge device in the marketplace.
The reality is that most banks don’t have unlimited funds, manpower, or time to implement across multiple technologies with the entire range of security protections. Each institution must decide what it wants its mobile business to be and then design a roadmap to get there.
The key recommendation: Go slowly and choose wisely.
[Speed Is the Key to Beating New Account Fraud.]
