Payment Quarterly | Q1 2017


MOBILE

3 WAYS TO ENSURE MOBILE BANKING APPS ARE SAFE AND SECURE

BY: STEPHEN STUUT, CEO, JUMIO

For financial institutions, shielding their customers and themselves from fraud by delivering safe and secure transactions is critical – but it’s becoming increasingly difficult. Financial institutions are adopting fully digital processes and creating mobile applications that bring convenience to customers who no longer need to visit a brick-and-mortar location to establish accounts or make payments. However, as the impact of cybercrimes grows, more and more banking customers are becoming victims of fraudulent activity and identity theft.

According to research from ThreatMetrix released in early 2016, banks and other financial organizations faced the highest number of organized cyber threats of any industry. In this cyber-insecure environment, the integrity of the mobile banking industry is at stake. Consumers question whether it is a good idea to have precious financial information floating around the internet or residing on a mobile device that could easily be lost, stolen, or hacked. A recent survey conducted by Jumio found that more than 75 percent of millennials are dissatisfied with mobile banking experiences and that their chief concern in accessing banking via mobile was security.

TO ALLEVIATE THESE FEARS AND INCREASE CONSUMER CONFIDENCE, FINANCIAL INSTITUTIONS SHOULD CONSIDER THE FOLLOWING MEASURES TO REINFORCE CONSUMER TRUST:

MULTI-FACTOR AUTHENTICATION

Gone are the days when a simple password was enough to protect an account – whether an email, bank, or personal healthcare account. Recently, Yahoo! fell victim to a data breach that exposed account information for more than 500 million users. Email addresses, passwords, and account information were accessed – resulting in compromised and fraudulent accounts. Had these email accounts incorporated an authentication step such as ID verification when creating the account, the fraudulent activity could have been prevented.

Verifying customer identity is an important first step in creating a seamless digital process. Computer vision and biometric facial recognition technology can help in this effort. Whether opening a bank account or making financial transactions, financial institutions must incorporate a multi-factor authentication process that meets KYC (Know Your Customer) requirements by verifying that a customer is in fact who they claim to be. This preliminary step should occur at the onset of establishing an account digitally. Identity documents must be examined digitally and checked against biometric facial recognition to establish a tie between the ID and the real-world identity and so ensure authenticity.

The bank’s mobile application should then use an advanced feature to authenticate the user when they log in. For instance, the app can require a facial recognition scan via the mobile device’s camera to authenticate the user’s identity and validate that the person is real and alive. This will hinder attempted log-ins should a mobile device end up in the hands of a thief or account credentials be exposed through a data breach.

ENSURE REGULATORY COMPLIANCE

Keeping up with compliance regulations is the second step to a robust mobile security strategy. Conforming to regulatory requirements is vital to avoid getting slapped with significant fines. When organizations veer away from abiding by these regulations, there are significant repercussions. For example, the lax banking practices at Wells Fargo are costing the company $185 million in fines, including a $100 million penalty from the Consumer Financial Protection Bureau.

With the ever-growing complexity of financial regulations, organizations are increasingly adopting the use of consolidated and harmonized sets of compliance controls – such as Know Your Customer or KYC. The KYC regulations are paramount in the banking industry and speak to the process of “a business, identifying and verifying the real world identity of its clients.” In addition, Anti-Money Laundering policies are also putting the onus on banks to identify and report suspicious activity. These policies are becoming much more important globally to prevent identity theft, financial fraud and money laundering.

END-TO-END ENCRYPTION

End-to-end encryption is key in bolstering mobile security. This approach offers a level of security that protects data and system integrity, which reside at the heart of every financial and KYC transaction. Coupled with regular security audits, vulnerability scans and penetration tests, end-to-end encryption ensures compliance with industry-wide security best practices and standards – including making personally identifiable information obscure from adversaries.

In conclusion, while mobile banking apps provide the customer the flexibility to conduct some transactions online, banks must match the need for a great user experience with consumer concerns about whether or not their personal information is safe. Ensuring your mobile app is as secure as it can be from the get-go – by validating a user’s identity, adhering to regulatory compliance, and leveraging encryption – is a step in the right direction to protect your business and customers against fraud and identity theft.

