Banking Apps Look to Balance Convenience, Security


Posted on by Nathan Eddy

Mobile banking technology is poised to become ubiquitous. Soon connecting with your banker via video will be as easy and commonplace as checking your account balance on your smartphone. 

In the not-so-distant future, customers will expect to always have the option to chat face-to-face with their banker either on a mobile app, from an ATM or at a kiosk or meeting room in the branch itself.  

With the rise of mobile banking options, protecting customer data and identity is a primary security concern for many businesses. 

Financial institutions have increased compliance and regulatory requirements like call monitoring and recording, integration into their core software, and encryption levels—it’s clear that security is a big issue. 

Banks strive to balance cost, convenience and customer engagement and video-enabled banking is able to strike this balance. 

Mobile banking apps have evolved tremendously over the past few years, which had a lot to do with the uncertainty of the risk involved. 

There was very little functionality with early mobile banking apps — apart from checking the account balance — because the security risks were not yet fully understood, and everyone knew that you could not simply extend the threat profile from the desktop to the mobile. 

However, users took to mobile in a big way, and today mobile traffic represents a large percentage of overall traffic for some banks. 

Due to this popularity, many users requested more functionality, and now many banking apps are very feature rich, allowing users to do everything online banking provides. 

According to a 2016 survey conducted by Verizon and KRC Research, 55 percent of smartphone owners used an app to make a mobile bank transaction. 

The survey also found nearly a quarter of U.S. smartphone owners (23 percent) made a mobile bank transaction for the first time in 2015--a 70 percent jump from 2014. 

However, an Episerver survey found that a quarter of consumers are frustrated by the complex security logins used by financial services apps. 

Despite these frustrations, 39 percent of respondents said they think existing financial mobile apps do not provide a high enough level of security. 

To win over customers, it seems, financial retailers need to strike the right balance in their mobile experience. 

"Too often in the past, security initiatives precluded a smooth customer experience," Andreas Baumhof, CTO of ThreatMatrix, said. "The mobile channel is a game changer, as a mobile app provides extensive forensics information that can be taken into account from a security or fraud point of view." 

He said the key is finding specialized solutions needed to make sure the bank has trustworthy information. 

"The mobile phone offers a unique opportunity to reduce the burden on the consumer to be responsible for authentication and shift to a more flexible and dynamic approach where the right authentication system is being evaluated based on current context," Baumhof explained. 

The Verizon/KRC Research survey also found demand for security increases with age, raising from 60 percent among 25-year-olds to 78 percent among the over 55-year-olds. 

Ryan Zlockie, global vice president of authentication at Entrust Datacard, said Baby Boomers want to ensure security, while Millennials want to ensure usability and are less concerned about security than boomers. 

"The good news is that mobile banking apps have evolved to meet the needs of both, he said. "Today, strong authentication allows for strong security and usability. We do know that consumers are ok with some amount of friction when it comes to their banking app, but that friction must be meaningful and useful."

Looking forward to 2017 and beyond, banks and other financial institutions can look to a few strategies that can really add security. 

The first is helping to eliminate passwords using biometrics--this alone can solve many of the credential theft issues as well as the derivative password reset burdens in the call center. 

In addition, having systems that can adapt and flex to the current security and fraud needs in minutes sounds impossible, but is in the grasp of all app owners in the near future by changing their architecture. 

Finally, the ability to refine multi-factor authentication enforcement by using more context than just device ID and basic location information can also help. 

"Establishing a true instantiation of identity in an application is the holy grail of security and anti-fraud since it’s the root cause the great majority of our security issues," Rakesh Loonkar, president of Transmit Security, said. 

He explained banking apps will need a new identity architecture and framework where authentication and anti-fraud are built from the ground up in an integrated way, as opposed to bolting them on to each other for each use case. 

"It’s counter-intuitive, but as we improve security, we can dramatically improve the user experience as well, and that will get application owners very excited," Loonkar noted. 

As fraud prevention and other security features for mobile banking apps gains in importance, banks and financial institutions will have to balance maintaining the trust and safety of users with the ease-of-use and fluidity consumers have grown to expect. 

Contributors
Nathan Eddy

Technology Writer,

mobile security

View More Blogs

Blogs posted to the RSAConference.com website are intended for educational purposes only and do not replace independent professional judgment. Statements of fact and opinions expressed are those of the blog author individually and, unless expressly stated to the contrary, are not the opinion or position of RSA Conference™, or any other co-sponsors. RSA Conference does not endorse or approve, and assumes no responsibility for, the content, accuracy or completeness of the information presented in this blog.


Share With Your Community

Related Blogs