Mobile banking has become a full-fledged service that lets consumers get information about transactions promptly, make payments, and get consultations. Consumers can issue and manage their cards directly on their mobile phones, and users of mobile banking apps can send complaints and requests as well. With a better user experience, fingerprint authentication, and push notifications with one-time passwords (OTP) for confirming transactions, the popularity of mobile banking has skyrocketed.
Today, daily banking services have moved ever closer to consumers. Within a few years, banks managed to reach a great number of customers via mobile devices, increase the number of intergenerational users, and improve customer experience and satisfaction. Banks gave people what they wanted: the possibility to manage their money on the move.
However, with increased popularity comes increased risk. How safe is online banking on a mobile phone? Recent research conducted by Kaspersky Lab shows that the amount of malware aimed at stealing bank users’ data has greatly increased. The malware may actually look like a genuine bank’s mobile app. When people try to access their accounts, scammers may steal their credentials.
That is only one example of how users’ data can be compromised. Let’s find out what other threats mobile banking faces today. Further on, we’ll offer some recommendations for banks on how they can overcome these risks to retain their clients and provide them with high security.
Is mobile banking safe enough? 5 possible risks for banks and their consumers
Mobile apps, especially those that process financial data, are quite vulnerable to malware, breaches, fraud, and cyberattacks. When these problems arise, they can have negative effects on both app users and banks. Banks can lose their customers as a result if they don’t have appropriate guidelines and mechanisms to resolve security issues. The most frequent risks are highlighted below.
You’ve already read above about the research conducted by Kaspersky. McAfee, another antivirus company, states in its Q1 2019 report that mobile malware keeps growing in scope and complexity. Among the major findings: the number one risk is hidden apps, which account for ⅓ of all mobile attacks. Hidden apps run as a background service once the user closes the app. Among future threats, McAfee expects malware to become more targeted (ad click spam/fraud, sending phishing emails, service attacks, etc.).
Although mobile banking apps are considered to be more secure than accessing your account via a browser, there are still a certain number of risks. Not all developers take the risks of money laundering and fraud into account during development. Security vulnerabilities have negative effects such as stolen credentials. For example, an e-store can use your banking login data to expedite a transaction.
Unsecured Wi-Fi public hotspots
Free Wi-Fi is no longer a luxury. It is actually a must-have for any public place. Thousands of people use public hotspots to access their mobile banking. However, that’s not secure. Scammers may set up their own Wi-Fi spots near the place where you use your credentials to log in to your bank app. They give the wireless network almost the same name as the legitimate one, for example, Burger Place and Burger Place1.
Fingerprint authentication was considered one of the most secure ways to log in to your account. However, scammers have already invented new means to bypass a security seal. Among the most popular approaches to circumventing fraud detection systems and committing identity theft is hiding IP addresses by using virtual private networks (VPN).
Remote deposit fraud
Depositing checks to bank accounts remotely is very convenient for most consumers. However, this may lead to your checks being captured by scammers, who know some ways of accessing databases containing remotely deposited checks. Once they have the image of your check, they can copy it and use the services of money mules.
How banks can prevent security risks in mobile banking. 5 recommendations for bank CIOs
Security issues are among the most frequent factors affecting a consumer’s decision to download a mobile banking app. According to the data presented below, around 33% think that banks must better protect their sensitive data and around 28% want banks to add authentication for certain transactions.
To persuade new clients to download apps and to retain existing customers, banks should adhere to a number of recommendations and address risk concerns. Below are some risk prevention measures for bank IT departments.
1. Application security audit
A software audit is one of the first risk prevention measures a bank should take. First, audit specialists assess all possible security threats that can arise while bank customers are using a mobile app. Then, they provide you with guidelines on how to eliminate these risks. As a rule, such audits are conducted in accordance with OWASP mobile security standards that include the following points:
- sensitive data identification and protection;
- secure credentials processing;
- transferring sensitive data securely;
- correct authentication/authorization implementation;
- keeping APIs secure;
- integrating data with TPAs appropriately;
- taking into account user consents;
- implementing control over pay-for services.
Each company providing application security audits may have its own methodologies and standards. However, it’s always possible to discuss your requirements.
2. Regular application updates
Mobile banking apps can be called the digital offices of banks. They provide users with a range of helpful features and functionality without the need to physically visit a financial institution. Thus, applications should be updated promptly and regularly. Usually, these updates include bug fixes, mobile banking security improvements (for example, Touch ID fixes), user interface changes, etc.
3. Strong brand identity (UX, UI)
A recognizable brand is also a good way to improve mobile banking security. Often, scammers create lookalike apps to trick new customers who download a bank’s app via Google Play or the App Store. Strong brand awareness and unique design are intended to ensure that users can recognize a bank’s identity.
4. Multi-factor authentication
Multi-factor authentication is one of the most effective approaches to security. Mobile app developers often require two or more factors for logging in to ensure a high level of app security. This type of authentication means that end-users will use something that they are (biometrics), something that they have (card), and something that they know (password). There are many technologies providing multi-factor authentication (tokens, smart cards, biometrics).
5. A clear FAQ on security concerns
Every piece of secure banking software should provide end-users with clear risk prevention recommendations in case of card loss, theft, cyberattacks, etc. Consumers should know exactly what they have to do in such cases. Thus, each bank has to develop step-by-step guidelines that are available for quick assistance to any customer.
What DICEUS offers
Our company has strong expertise in developing software systems, applications, and other solutions for banks. In terms of mobile banking security, we can offer the following services:
- Consulting on cybersecurity
- Software audit
- Application development
We start our collaboration with an in-depth business analysis and come up with a clear technical proposal and SRS. Tell us about your needs in mobile banking and our specialists will reach you as soon as possible.