
Delivering a secure Internet and mobile banking experience

Soma Tah
Christy Serrato

There is a mobile transformation underway for today’s financial institutions. Major elements of this transformation include mobile authentication for online/Internet banking, and the deployment of mobile platforms that enable customers to conduct banking transactions anytime, anywhere.

Key challenges include optimizing the user experience while ensuring that all transactions are secure and customer privacy is protected. There are also increased regulatory requirements to consider, and an evolving threat environment as cyber criminals move to target specific vulnerabilities of the mobile platform.

With 1.75 billion users worldwide in 2014, the smart phone is becoming popular as a multifunctional device that can be used for mobile identities. Security best practice dictates that banks and other financial institutions must secure online access with multi-factor authentication.

With the growing threat landscape, they must also increase fraud controls, yet avoid interrupting the online user experience. This requires strong, dynamic authentication that is more secure than passwords yet convenient and cost-effective.

Online and Mobile Banking Challenges

Banks face many challenges, including ensuring trust and confidence with mobile and other online services as adoption increases. Institutions must deliver multi-channel support while maintaining confidence in digital banking, upholding transaction efficiency, and safeguarding confidential data.

They must also meet increased regulatory guidance, such as the FFIEC's guidance on Authentication in an Internet Banking Environment.

A growing concern is preventing account takeovers by protecting against advanced malware and other growing online threats, which is accomplished by adding security defenses in a layered approach.

Finally, banks must also increase operating efficiency by minimizing the problems of disparate processes, legacy systems and applications, while doing everything as cost-effectively as possible. In short, banks face a dramatically changing environment, in which a growing percentage of IT budget is focused on maintaining their digital infrastructure.

As online and mobile channels converge, customers also want to bank anywhere, anytime. Multi-channel integration becomes more important, and the industry is already shifting to an omni-channel model that raises the bar for customer-centricity and meeting service expectations that are becoming more demanding.

Fraudsters, who are adopting more sophisticated and dangerous tactics with an increasing focus on credential theft, pose the biggest threat to the growth of digital banking. Defending against mobile-based threats requires a more effective approach to identity assurance, as most authentication controls have documented vulnerabilities and mobile-specific malware is increasing.

Simple passwords are already widely known to be compromised. Fraudsters have also effectively overcome other traditional authentication methods. They unleash advanced threats such as phishing, keystroke logging, system resource manipulation, screen capture and chosen plain text brute force attacks to hijack account access and compromise transactions.

As fraudsters continue to introduce more sophisticated attacks, the adoption of advanced authentication methods has become a matter of protecting both the bank’s brand reputation and its bottom line.

Financial institutions seeking to implement multi-factor authentication (MFA) have historically been able to choose from a number of different methods and form factors, including OTP tokens, OTP challenge/response calculators, smart cards with readers, numeric grids printed on cards or sheets of paper, and various combinations of the above.

Most banks have implemented strong hardware-based authentication for their commercial customers but fewer on the consumer side, thinking it costly and complicated to deploy and manage, and inconvenient for users. This all changes, however, with the advent of advanced mobile security that fosters a convenient banking experience with out-of-band strong authentication.

Additionally, all strong authentication solutions should be implemented as part of a larger, multi-layered, context-based security strategy that also includes device profiling, malware forensics, transaction verification, and mutual authentication between the user and the application. This requires an integrated versatile authentication platform with real-time threat detection capabilities.

The security benefits to the financial institution are immediate and provide customers with the peace of mind that their online banking provider has taken steps to provide a secure environment in which to conduct their financial transactions conveniently.

Conclusion

Financial transaction security must continue to evolve in order to withstand existing and evolving threats while accommodating growth in digital banking. Given strong authentication capability on their mobile devices, customers can generate their own OTPs for online banking in an easy, fast and secure manner, and the same strong authentication functionality can be embedded in mobile banking platforms to secure them for even more frictionless anytime/anywhere banking.

The author is in Solutions Marketing, Identity Assurance, HID Global
