The Top Challenges of Mobile Banking Security

The Top Challenges of Mobile Banking Security

Ran Shulkind

Co-founder & CPO at SecuredTouch

Views 2452

The Top Challenges of Mobile Banking Security

27.11.2017 06:30 am

Banking as we know it is changing. Initiatives such as Open Banking and regulatory frameworks like PSD2 are creating the driving forces to open up once closed banking platforms, creating a tremendous push for innovation. New banking players are also entering the space, bringing with them new forms of banking such as Peer-to-Peer payments, often built around mobile apps.This disruption is resulting in massive growth in the sector; the market for P2P growing by 271 percent to $130 billion in 2016.

At the same time, adoption rates of mobile banking apps is growing exponentially as well: according to a report by Juniper Research, 1 in 3 adults across the world will use mobile banking by 2021.  

Challenges come with any change in the way we do business. A more open network and different ways of moving money open new opportunities for online banking fraud. Mobile banking fraud prevention is an area that has many challenges, but one where certain technologies, including continuous authentication, have the potential to provide a solution. 

The Challenges in Mobile Banking Security

Fraud is the bugbear of banking, costing the UK economy alone potentially 193 billion GBP per year. In a previous blog post on “On The Go: How Mobile Redefines The Way We Bank” we talked about how mobile banking was disrupting the industry and how online fraud will most likely move towards the mobile platform.  

As mobile device use for banking increases, it creates new opportunities for fraudsters, giving malicious actors new inroads into our bank accounts and personal data. A McAfee survey of mobile threats found they are “steadily growing” with banking Trojans that can steal login credentials, increasing by 40%. One such Trojan is the infamous ‘Faketoken’ which overlays a fake UI and can even steal SMS codes sent to users for second-factor authentication. 

Security Measures That Ignore User Experience Lose Relevance

Compounding the problem of mobile banking malware is user behavior. An ACI report found that more than half of consumers show risky behavior and do not understand the risks of fraud. In a report by Accenture on mobile banking, they found that a staggering 43% of users do not even use a passcode to manage access to their device. Why is this? The answer lies in friction. Asurvey found that 74% of organizations who implement second-factor authentication (2FA) had complaints from their users about it. As a result of increased friction, users often avoid two factor authentication even when conducting sensitive transactions on mobile devices. According to studies, consumers generally use static passwords instead.

Mobile devices have a number of security issues that have either been inherited from general Internet security known issues or have become inherent in the platform. The OWASP Top Ten Mobile security threats for 2016, lists the 10 most common security issues in mobile devices; in at number 4 is insecure authentication.

Solving the Challenges of Mobile Banking and Security

Mobile banking is convenient and customers are taking it up droves. But the banking community needs to protect both money and the reputation to provide exemplary service - both on and offline. In the report by Accenture, they conclude that: 

“Based upon our analysis and observations, multi-factor authentication makes online banking more secure by reducing the exposure for the single greatest threat to account takeover, phishing and misappropriated account credentials.”

We need to have strong authentication measures in place to prevent fraud. But we cannot afford to prioritize security over customer experience any longer.  Having a forward-thinking program in place to build secure and user friendly mobile banking will bring rewards to the banking sector.

Multi-factor authentication can be seen as a layer of friction for the user. However, using it smartly can balance both the security and the UX of mobile banking. The use of behavioural biometrics takes multi-factor authentication to a  new level of both security and usability. It uses the natural interactions that users have with their mobile devices to identify patterns of behavior to validate and refine authentication for mobile banking applications. It solves the dual challenge of user authentication fatigue and mobile banking malware.

Making Mobile Banking Secure

The Federal Reserve identified 77% of mobile phones used in the U.S. are smartphones, and the use of mobile banking is set to rise. This picture is likely to be repeated across world geographies. 

Limitations of authentication models for mobile banking apps mean bank CISOs need to approach fraud detection differently. Banks who provide a secure and at the same time frictionless mobile banking experience will be rewarded with happier customers who will spread the word. Having a system of continuous authentication built on smart behavioral biometrics can bridge the gap between usability and security to create frictionless mobile banking experience.

This article originally appeared at: SecuredTouch

Latest blogs

Will Hurst Monevo

How to prepare for a cashless society

THE UK ranks as the world’s third most cashless country behind Canada and Sweden. Will Hurst, Head of Commercial Development at Monevo, part of Quint Group, has some thoughts on how to get ready for a world without paper and coins. 1 – Invest in Read more »

Laura Francis Form3

Why Payments- as-a Service is the first choice for Financial Institutions

More and more Financial Institutions are choosing to outsource their mission critical payments infrastructure over building or licensing legacy technology. The pace of change within the global payments technology space is still at full speed with no Read more »

Myles Dawson Adyen UK

Three ways to win shoppers during Chinese New Year (and beyond)

For us in the West, New Year feels like a distant memory. But, while we’re in the midst of ‘Dry Veganuary’, celebrations in China are just about to kick off. Read more »

Rodrigo Zepeda Storm-7 Consulting Limited

Persons With Significant Control: PSCs

From 30th June 2016 the ‘People with Significant Control’ Companies House register went live. This means that certain United Kingdom (UK) companies, Limited Liability Partnerships (LLPs), Societas Europaea (SE), and Eligible Scottish Partnerships ( Read more »

Philippe Carrel Finmechanics

LIBOR to survive the RFRs

Neither IBORs nor RFRs; firms should ready up to work with both types of benchmarks and reference rates for the foreseeable future.  The quantitative finance focused publications of 2019 have highlighted that replacing forward looking term rates ( Read more »

Magazine
ALL
Free Newsletter Sign-up
+44 (0) 208 819 32 53 +44 (0) 173 261 71 47
Download Our Mobile App
Financial It Youtube channel