Safe and Mobile Secure

As with any other digital gateway, the mobile channel requires fundamental data security measures

By Phil Britt

Data and account security concerns are the main reasons why more consumers haven’t adopted mobile banking services, various consumer surveys show. It’s still a largely unknown technology that has yet to stand the test of time against continued hacking attempts. Even though no mobile-specific Trojan or other malware has arisen to date, the potential for such mobile threats is real, for banks and their customers.

There’s also a significant threat from cross-channel breaches, in which a hacker gains access to an account through one channel (such as online banking) and then uses knowledge from that hack to gain access to the account through other channels, including mobile devices.

Like any digital channel connected to the outside world, there are steps both banks and their customers can and should take to keep their mobile financial activities safe and secure.

1. Educate your customers. “Mobile devices are computers, but most consumers don’t treat them that way,” says Julie Conroy, research director for Aite Group. “Some people don’t even have a password lock on their phones,” says Robert Steen, CEO of $72 million-asset Bridge Community Bank in Mechanicsville, Iowa, an early adopter of mobile banking and other technologies. “We have to protect customers from themselves.”

So community banks offering mobile services should actively educate their customers to take the same precautions with mobile devices as they do with their computers. That includes using antivirus software, protecting passwords (for example, not leaving them in plain sight and not sharing them) and avoiding the temptation to click on unknown links. Similarly, ask your customers to quickly notify your bank if they see any potential fraud taking place.

Even with strong consumer education, of course, if your community bank is offering mobile services it should use automated security protections. If your mobile security walls are application-based, your bank can push out the security controls all day long, Conroy advises.

2. Embed security into your bank’s mobile app. Not all mobile banking apps are alike. To help protect its customers’ account information, your bank’s chosen mobile app should be designed solely as an access gateway, meaning that the app itself doesn’t contain or store any account or personally identifiable information. The app should include a timeout feature to protect against a customer inadvertently leaving a mobile device on and unattended during a mobile banking session.

3. Use layered protection strategies. Similar to protection strategies for online banking and other applications, your bank’s internal mobile security should include multiple layers of protection, with additional, stricter layers of security as the user gets closer to your bank’s systems and sensitive information.

As with other security measures, your bank should conduct periodic risk assessments to ensure that the security controls for mobile are providing the expected protection and to ensure that no new vulnerabilities have arisen as the result of any new threats.

4. Require customers to use multifactor authentication. Don’t permit a customer to simply touch your bank’s mobile app to access their information. Multifactor authentication is just as important for the mobile channel as any other digital remote channel.

In addition to a PIN and password, your bank’s mobile security should include random security questions to help identify the user in the event of a lost or forgotten password. The passwords should require combinations of letters and numbers or symbols, be of a minimum character length and should expire every six months. The longer the password the better, though the length has to be balanced against the desire to keep access customer-friendly.

Steen also advises that community banks have adequate staff to answer security lockout questions. “We spend a lot of time keeping customers in an active mode,” he says.

Most of all, stay alert to new security threats and defenses. Security experts agree that hackers will continue to search for ways to use the mobile banking channel to break into consumer accounts.

Phil Britt is a writer in South Holland, Ill.