Banking on the Go: Security Face-off
Mobile banking is making deeper inroads into the payments business, with the most common uses being transferring money between accounts, checking recent transactions or account balances, and making mobile payments via apps. This paradigm shift from branch banking to desktop-based or web applications, and now to the “bank in my pocket”, has been the biggest disruptor to traditional banking channels. And why not? A recent analysis by a top bank, “Mobile banking frees up a day per year”, found that mobile banking saves 24 hours per person every year, which means customers make 12 fewer trips to the bank every year, translating into 73 miles less traveled.
But unfortunately, cybercriminals and fraudsters know where the money is. From Trojans, rootkits and botnets carefully launched for the mobile marketplace to malware-infected rogue mobile apps disguised as legitimate banking apps, cybercriminals are using advanced techniques to trick users into divulging their personal details and passwords.
Banking in the Dark? Not Anymore
It is only natural that banks have become wary of these evolving, new-age threats: mobile malware, web-based exploits, malicious apps, and unsecured Wi-Fi networks. But how can they tap into the potential of mobile banking without putting security at risk, especially when so much is at stake in user privacy, bank reputation, and financial losses? Clearly, current security solutions fail to secure the application processing environment and fall short of providing granular security controls to users. Banks need a highly reliable mobile security solution that follows the user and is not limited to a device. Let’s take a look at the top two threats facing banks and financial institutions in the mobility space and how they can keep ahead of cyber-rookies.
Threat: Identity Theft
Solution: Multi-factor Authentication
Account takeover, or unauthorized account access, is the biggest impediment to mobile banking. While most banks use Personal Identification Numbers (PINs) to authenticate users, this method is now insufficient in the face of new-age identity theft.
Today, more than one form of authentication is required to validate the legitimacy of a transaction initiated by a user. Multi-factor authentication typically combines two or three unique factors: what the user knows (knowledge-based authentication, e.g., a password or PIN), what the user has (an ID card or security token), and what the user is (biometrics, e.g., fingerprints or facial recognition). Geo-location technology can also help determine a person’s physical location, either by identifying the IP address of a device connected to the Internet or through the GPS built into the mobile device. This information can then be used to validate the authenticity of a transaction.
Threat: Mobile Malware & Rogue Apps
Solution: App Wrapping
Fake banking apps, loaded with malware, are designed to defraud consumers by stealing a user’s credentials or security codes. Their mission is simple: bypass antivirus detection, capture keystrokes, and steal one-time security codes, which are often used by banks to authenticate transactions.
With rogue apps growing in number as well as in sophistication, how can banks ramp up their defenses against targeted mobile malware? One way is by offering an app-scanning security solution that allows them to spot security vulnerabilities and fix security holes.
To fight mobile malware, banks can leverage application wrapping software that encrypts data in motion from the mobile app across the Internet, securing it from hackers and eavesdroppers. The software uses advanced data cloaking and encryption techniques, and makes communication endpoints undetectable to unauthorized users. Through secure communities of interest (COI), only authorized users can access data from mobile applications that are wrapped with fine-grained security policies such as geo-fencing and location-masking.
Mobile banking is emerging as the new means for customer engagement, a point of differentiation, and a source of new revenue opportunities. However, it’s important to remember that security must take precedence over cost and convenience. Banks need to build a holistic security strategy that ensures protection across all dimensions: user, device, app, and data. They must leverage the unique capabilities of a mobile device to provide additional layers of security like geo-location and biometric authentication. In essence, they must employ advanced anti-fraud detection technologies, strengthen user authentication, build secure mobile apps, and ultimately, enhance the value delivered to customers.