Banking Exchange Magazine Logo

Mobile banking could be more secure than online banking

Omnichannel approach recommended to guard against complacency

Mobile banking could be more secure than online banking

While criminals are successfully executing a number of exploits against financial institutions and merchants, the outlook is actually fairly bright; when security controls are properly applied, the mobile environment has the potential to be more secure than the online environment, according to research by Aite Group

Nevertheless, criminals have quickly realized that many of their tried-and-true attack methods from the online channel also work reasonably well in the mobile channel, with some minor adaptations. In addition, the unique properties of the mobile device provide additional paths of opportunity.

"Fraud prevention methods need to take an omnichannel approach, as criminals do not limit their attacks against [financial institutions] to a particular product or channel only. So, mobile banking software developers need to integrate information about the users’ current and historical activities across multiple channels to help proactively detect any fraud while preserving a positive user experience," says Julie Conroy, research director in Retail Banking at Aite Group.

In comparison, the security solutions that work online will not be universally applicable to mobile, but Aite Group sees that there are still lessons that can be learned from the online channel. Many of the strategies and technologies that have proven effective online can be applied to mobile, with adaptation to reflect some of the challenges unique to mobile.

Financial institutions and merchants are employing a number of successful strategies as they seek to create a highly secure, user-friendly mobile environment. These include embedded security, which actually gives the app environment the potential to be more secure than mobile browsers since users download the software onto their devices with security already embedded in a number of different ways, as well as extending defenses to the transactions themselves. Effective defensive tools will analyze data about the transaction itself to determine whether it exhibits anomalies indicative of fraudulent behavior.

“With the increasing availability of high-risk transactions from the mobile device, it is important to use technologies such as behavioral analytics that can detect anomalous transaction activity. Financial institutions need to ensure there is embedded security in downloadable apps. They should take advantage of the fact that consumers are willingly downloading a piece of software and embed security to shield it from malware that might already be on the device,” Aite says in its report.

As financial institutions build their mobile strategies, they also need to be mindful of the pace at which mobile technology is progressing, says Aite Group. Investments should be designed with the flexibility to adapt to the rapid rate of progress and be reflective of the fact that devices are deemed outdated and only minimally supported one year from release. This further highlights the importance of a multipronged approach that does not rely exclusively on endpoint protection or device intelligence, but instead takes a balanced approach that incorporates those aspects along with device-neutral intelligence such as behavioral analytics.

"Given the continued rise in mobile channel usage, as well as the increasingly high-risk transaction capabilities that banks and merchants are pushing to the channel, it is imperative that financial services organizations defend against rapidly emerging threats," Conroy says.

Meanwhile, Aite recommends that technology providers hire white-hat hackers to test mobile security. They should perform penetration testing on mobile apps, enabling financial institutions to discover the vulnerabilities before the criminals do. Testing should be repeated any time significant enhancements are pushed to the mobile platform.

John Ginovsky

John Ginovsky is a contributing editor of Banking Exchange and editor of the publication’s Tech Exchange e-newsletter. For more than two decades he’s written about the commercial banking industry, specializing in its technological side and how it relates to the actual business of banking. In addition to his weekly blogs—"Making Sense of It All"—he contributes fresh, original stories to each Tech Exchange issue based on personal interviews or exclusive contributed pieces. He previously was senior editor for Community Banker magazine (which merged into ABA Banking Journal) and for ABA Banking Journal and was managing editor and staff reporter for ABA’s Bankers News. Email him at [email protected]

back to top


About Us

Connect With Us


Webinar: Real-Time Payments in the U.S. Market

Time/Date: June 16, 2021 2:00 p.m. ET

The U.S. has come a long way in its journey to real-time payments, with TCH and Zelle in market and FedNow just around the corner. COVID-19 has accelerated that demand to move to real-time. Yet many financial institutions remain unconvinced of the need to move, with less than 3% of financial institutions signed up today.

In this Banking Exchange hosted webinar Celent’s Gareth Lodge, Senior Analyst, Global Payments, and Alacriti’s Mark Ranta, Payments Practice Lead, discuss the findings in the Celent research report, Real-Time Payments in the US Market: Speeding Up or Slowing Down? A Call to Arms.


This webinar is brought to you by:
Alacriti logo