Aite Group sees evolving mobile banking apps potentially providing more security than online banking

Boston, September 11, 2014 – A new report from Aite Group, Mobile Revolution: Sparking Fraud’s Evolution, examines the potential threats in the mobile banking channel and then details a variety of potential technology solutions. Aite Group's research encompasses the perspectives of more than 70 vendors, financial institution fraud executives, and merchant fraud executives.

 

Aite Group's research shows that while criminals are successfully executing a number of exploits against FIs and merchants alike, the outlook is fairly bright: when security controls are properly applied, the mobile environment has the potential to be more secure than the online environment. Nevertheless, criminals have quickly realized that many of their tried-and-true attack methods from the online channel also work reasonably well in the mobile channel, with some minor adaptations. In addition, the unique properties of the mobile device provide additional paths of opportunity.

In comparison, the security solutions that work online will not be universally applicable to mobile, but Aite Group sees that there are still lessons that can be learned from the online channel. Many of the strategies and technologies that have proven effective online can be applied to mobile, with adaptation to reflect some of the challenges unique to mobile.

 

FIs and merchants are employing a number of successful strategies as they seek to create a highly secure, user-friendly mobile environment. These include embedded security, which gives the app environment the potential to be more secure than mobile browsers because users download the software onto their devices with security already embedded in a number of different ways. They also include extending defenses to the transactions themselves: effective defensive tools will analyze data about the transaction itself to determine whether it exhibits anomalies indicative of fraudulent behavior.

As FIs build their mobile strategies, they also need to be mindful of the pace at which mobile technology is progressing, says Aite Group. Investments should be designed with the flexibility to adapt to the rapid rate of progress and should reflect the fact that devices are deemed outdated and only minimally supported one year from release. This further highlights the importance of a multipronged approach that does not rely exclusively on endpoint protection or device intelligence, but instead takes a balanced approach that incorporates those aspects along with device-neutral intelligence such as behavioral analytics.

For financial institutions

 

  • With the increasing availability of high-risk transactions from the mobile device, it is important to use technologies such as behavioral analytics that can detect anomalous transaction activity.

 

  • FIs need to ensure there is embedded security in downloadable apps. They should take advantage of the fact that consumers are willingly downloading a piece of software and embed security to shield it from malware that might already be on the device.

 

For technology providers

 

  • Hire white-hat hackers to test mobile security. They should perform penetration testing on mobile apps, enabling FIs to discover the vulnerabilities before the criminals do. Testing should be repeated any time significant enhancements are pushed to the mobile platform.

 

Quotes

 

  • "Given the continued rise in mobile channel usage, as well as the increasingly high-risk transaction capabilities that banks and merchants are pushing to the channel, it is imperative that financial services organizations defend against rapidly emerging threats," says Julie Conroy, research director in Retail Banking at Aite Group.

 

  • "Fraud prevention methods need to take an omnichannel approach, as criminals do not limit their attacks against FIs to a particular product or channel only. So, mobile banking software developers need to integrate information about the users’ current and historical activities across multiple channels to help proactively detect any fraud while preserving a positive user experience," says Julie Conroy, research director in Retail Banking at Aite Group.