The adoption of mobile banking will continue to surge across Europe, says a recent ING International Survey – Mobile Banking 2016 report. In its annual survey, ING shows that the share of mobile device users in Europe who bank by mobile has swelled to 47% – up from 41% in 2015 – with another 16% expected to adopt the technology in the next 12 months.
Although ING’s research describes the situation in Europe, it is worth considering the state of play among millennials in the US too. The Federal Reserve says that 67% of millennials now use mobile banking, which is important to consider, as these people will be the next generation of banks’ customers (18% of consumers over the age of 60 use mobile).
A strong mobile strategy is becoming critical for financial institutions to compete in the changing landscape. Customer and employee expectations are increasingly mobile-first, so banks need to address this evolution to build customer loyalty and revenue streams.
However, the Federal Reserve’s research also asked why people do not use mobile banking apps. It discovered that 73% of people had concerns about the security of mobile banking technology. So, as mobile banking continues to soar in Europe and the US, what should banks consider as they develop apps that meet the security concerns of customers?
Top 10 Mobile Vulnerabilities
From a technology standpoint, there are many vulnerabilities that could cause problems for your banking apps across the software development life cycle (SDLC). These occur at the customer-facing front end of the app as well as the back end, at both the device and the banking app level. Banks therefore need to ensure that advanced authentication, including integrations with Active Directory, OAuth and the like, is built into their software development, along with compliance with all the necessary industry standards, such as PCI, SOX, HIPAA, Common Criteria and so on.
The Open Web Application Security Project (OWASP) is a vital source of critical security information. It provides sound guidance about what it deems the ‘Top 10 Mobile Vulnerabilities’. In order of importance, they include: lack of binary protections (19%), insecure data storage (17%), insufficient transport layer protection (16%), unintended data leakage (13%), weak server side controls (6%), poor authorisation and authentication (6%), client side injection (4%), broken cryptography (3%), improper session handling (2%) and security decision via untrusted inputs (1%). Interestingly, 13% is unaccounted for too. Of course, the degree to which these common vulnerabilities affect your mobile banking app will vary, according to your systems and strategy.
‘Reverse engineering’ is your enemy
Outside of OWASP’s recommendations there are several other key factors that banks ought to consider as they tighten up the security of their mobile apps. For instance, often attackers will simply pick up where the secure SDLC leaves off. So, your team needs to evaluate this and establish how to overcome and secure this entry point. They also need to consider that, in the case of consumer apps, they are often freely available.
This means that they are open to scrutiny and that hackers will try to reverse engineer and modify banks’ mobile apps, even though they are supposed to be free of vulnerabilities.
Self-protection explained
In addition to this, banks need to establish how they can develop apps that have the capabilities to protect themselves. Achieving this starts with developing a secure SDLC that ultimately provides the app with the capability to defend against compromises, detect attacks in real time and react to, or ward off, attacks in real time, which comprises the following phases and key points:
Conclusion
The many benefits of providing customers with mobile banking apps far exceed the risk; however, it is critical to arm yourself with the current capabilities that are required to defend and protect your apps and business from security breaches, resist tampering, and ward off, as much as possible, hacking attacks and malware exploits.
As mobile banking continues to grow, so will the number of exploits, and so development teams will face constant challenges to protect their business from security issues. It is, therefore, critical to factor security into your long-term mobile banking app development strategy and align with proven partners that can help you ensure your success.
This content is provided by an external author without editing by Finextra. It expresses the views and opinions of the author.