Banking as we know it is changing. Initiatives such as Open Banking and regulatory frameworks like PSD2 are driving the opening of once-closed banking platforms and creating a tremendous push for innovation. New banking players are also entering the space, bringing with them new forms of banking such as Peer-to-Peer payments, often built around mobile apps. This disruption is resulting in massive growth in the sector; the market for P2P grew by 271 percent to $130 billion in 2016.
At the same time, adoption of mobile banking apps is growing exponentially as well: according to a report by Juniper Research, 1 in 3 adults across the world will use mobile banking by 2021.
Challenges come with any change in the way we do business. A more open network and different ways of moving money open new opportunities for online banking fraud. Mobile banking fraud prevention is an area that has many challenges, but one where certain technologies, including continuous authentication, have the potential to provide a solution.
The Challenges in Mobile Banking Security
Fraud is the bugbear of banking, costing the UK economy alone potentially 193 billion GBP per year. In a previous blog post, “On The Go: How Mobile Redefines The Way We Bank”, we talked about how mobile banking was disrupting the industry and how online fraud will most likely move towards the mobile platform.
As mobile device use for banking increases, it creates new opportunities for fraudsters, giving malicious actors new inroads into our bank accounts and personal data. A McAfee survey of mobile threats found that they are “steadily growing”, with banking Trojans that can steal login credentials increasing by 40%. One such Trojan is the infamous ‘Faketoken’, which overlays a fake UI and can even steal SMS codes sent to users for second-factor authentication.
Security Measures That Ignore User Experience Lose Relevance
Compounding the problem of mobile banking malware is user behavior. An ACI report found that more than half of consumers show risky behavior and do not understand the risks of fraud. A report by Accenture on mobile banking found that a staggering 43% of users do not even use a passcode to manage access to their device. Why is this? The answer lies in friction. A survey found that 74% of organizations that implement second-factor authentication (2FA) had complaints from their users about it. As a result of increased friction, users often avoid two-factor authentication even when conducting sensitive transactions on mobile devices. According to studies, consumers generally use static passwords instead.
Mobile devices have a number of security issues that have either been inherited from known general Internet security issues or have become inherent in the platform. The OWASP Top Ten Mobile security threats for 2016 lists the 10 most common security issues in mobile devices; at number 4 is insecure authentication.
Solving the Challenges of Mobile Banking and Security
Mobile banking is convenient and customers are taking it up in droves. But the banking community needs to protect both money and its reputation for providing exemplary service, both online and offline. The Accenture report concludes that:
“Based upon our analysis and observations, multi-factor authentication makes online banking more secure by reducing the exposure for the single greatest threat to account takeover, phishing and misappropriated account credentials.”
We need to have strong authentication measures in place to prevent fraud. But we cannot afford to prioritize security over customer experience any longer. Having a forward-thinking program in place to build secure and user-friendly mobile banking will bring rewards to the banking sector.
Multi-factor authentication can be seen as a layer of friction for the user. However, using it smartly can balance both the security and the UX of mobile banking. The use of behavioral biometrics takes multi-factor authentication to a new level of both security and usability. It uses the natural interactions that users have with their mobile devices to identify patterns of behavior to validate and refine authentication for mobile banking applications. It solves the dual challenge of user authentication fatigue and mobile banking malware.
Making Mobile Banking Secure
The Federal Reserve found that 77% of mobile phones used in the U.S. are smartphones, and the use of mobile banking is set to rise. This picture is likely to be repeated across world geographies.
Limitations of authentication models for mobile banking apps mean bank CISOs need to approach fraud detection differently. Banks that provide a secure and at the same time frictionless mobile banking experience will be rewarded with happier customers who will spread the word. Having a system of continuous authentication built on smart behavioral biometrics can bridge the gap between usability and security to create a frictionless mobile banking experience.