Securing mobile banking: 5 trends financial service CISOs need to know

by Jacob Hill, Lead Marketing Manager, Security, AT&T

When it comes to mobile banking, security is a top concern for many financial service institutions. In fact, in a recent survey of financial service cybersecurity leaders by consulting firm PwC, 54% reported that they plan to spend more to improve security in their mobile channel.

It’s certainly something that consumers appreciate. Security concerns remain a roadblock for the contingent of the market that has yet to adopt mobile banking, according to numerous reports.

The methods and best practices for how savvy CISOs address these concerns are evolving along with the threats. So as you evaluate and prioritize your mobile security initiatives, here are five trends to keep in mind:

1. Biometrics are getting better

Mobile banking security is quickly moving beyond passwords and personalized security questions as a primary form of user authentication. One area of increasing interest: Biometrics. The notion of identifying customers via a thumbprint, or voice or facial recognition has been around for years, though the government (and James Bond movies) have been the biggest users of the technology. Now whether people want to send money to a friend or simple access their account, biometrics companies are helping financial service organizations put these next-level security measures into regular use. For instance, Bank of America offers fingerprint and touch ID to all of its mobile users. Tinna Hung, director of marketing for biometrics firm EyeVerify recently told American Banker magazine that biometric identifiers “rely on something you are, rather than something you know.” As such they’re much harder for scammers to replicate, providing clients with an added level of security.

2. Next in line: Behavioral analytics

Fingerprints and eyeballs are better than passwords. But the future of financial service cybersecurity may require that customers be authenticated via even more factors, including their patterns of behavior. Now here’s where things get interesting. Thanks to machine learning and AI applications, financial service organizations may soon be able to know whether customers are who they say they are based on what they’re doing on their device.  NatWest, one of the largest banks in the U.K., announced last November that it was deploying behavior analysis technology that captures up to 500 online and mobile behaviors to protect its customers from fraud. The technology examines how people type, scroll, move between screens, use shortcuts and even the amount of pressure a person applies to a screen when they touch it. Such security solutions help maintain persistent identity across the entire user experience, instead of just at the beginning when a customer logs on.

3. Mobile apps have security gaps

In Accenture’s recent white paper, Mobile Banking Apps, the researchers note that the constant push for innovation and mobile platforms “often outpaces security, which can lead to significant security gaps if an organization is not grounded in a well-established governance model.” As part of the research, Accenture and NowSecure analyzed 30 mobile banking apps and found known security risks in all of them. While this is not necessarily an enviable trend, it’s a consistent issue that CISOs need to be aware of, especially as the industry continues to move toward more mobile applications. “Mobile banking apps should, at a minimum, be developed with the same security standards as any other asset,” the researchers advise.  

4. Banking apps dig into endpoint safety

Mobile money and banking apps are just that—mobile. Today, a comprehensive mobile cybersecurity strategy should address threats that come with these location-independent devices. To be sure, the device makers themselves are increasingly instituting their own security measures, but financial institutions wanting to ensure data safety across the customers’ experience are now implementing their own ways of evaluating smartphone and tablet security as well. For instance, this includes developing or implementing apps that determine whether a customers’ device is running an updated system or if the phone has been jailbroken. With more mobile app development undoubtedly coming, endpoint security is something every CISO needs to consider.

5. Increased regulations, affecting mobile and more

In its recent report on financial services and cybersecurity, consulting firm PwC noted that “as cyberattacks become more sophisticated, regulators are raising their level of scrutiny, and global cybersecurity and privacy legislation is changing.” For instance, the New York Department of Financial Services issued a wide-ranging set of cybersecurity regulations earlier this year. Of course, these and other regulations affect mobile platforms in addition to anything banks are doing online. PwC says that while the guidance from various bodies may sometimes be conflicting, financial institutions should expect more regulations and increased calls for collaboration with regulatory bodies in order to thwart potential attacks.

For financial services companies, mobile banking is the future—and it’s already here. Stay updated with cybersecurity trends and you’ll ensure that your apps aren’t introducing additional risks.