/ciol/media/agency_attachments/c0E28gS06GM3VmrXNw5G.png)
Follow UsSAN FRANCISCO, USA: With 44 per cent of banking consumers, the mobile browser is the most widely used of the three channels and is perceived by the consumer to be the most secure. Mobile bankers with smartphones view the browser as an extension of online banking.
However, banking using a downloaded app is the second most widely used channel and actually the safest for mobile bankers, with 25 per cent of consumers using this channel. This channel is. App banking has the potential to replace online banking altogether and serve as the consumer's primary access to the FI.
"Like the great land rush, some FIs are hurrying in to carve out their territory in the mobile space. Unfortunately, rushing headlong into mobile without focusing on security can have disastrous results," said Phil Blank, Managing Director,
Security, Risk and Fraud at Javelin. "FIs need to educate consumers about security issues with each mobile banking channel and encourage users not to jailbreak their phones. In addition, FIs should direct mobile bankers to use the
downloaded application, the most secure channel, where FIs have more control than the browser or SMS."
For its 5th Annual Mobile Security Report: Mitigating Security Risks Transforms the Mobile Banking Channel, Javelin surveyed more than 3,000 consumers about their mobile banking preferences and concerns to establish profiles of SMS, mobile browser, and application bankers.
Javelin's Mobile Security Checklist
SMS texting: Financial Institutions should educate consumers about SMiShing, a form of phishing that uses text messages to trick consumers into giving up personal information, in order to combat these types of attacks.
Mobile browsers: Financial Institutions should encourage consumers to download third-party security software to help them vet websites and protect against viruses. While less important in non-jailbroken IOS devices, it is extremely important in the Android environment.
Downloadable apps: Financial Institutions should follow good standard security practices: Security style guides for developers, MATs and FATs security testing in QA, blind penetration testing by independent third parties and access penetration testing by independent third parties. Thoroughly vetting financial applications is essential because they regularly deal with sensitive consumer information.
Remote Deactivation: Financial Institutions should build into their applications the ability to remotely 'deactivate' their application. Any data stored on the device should be done so fully encrypted and in such a way that the FI's application can wipe that data in the event the device is lost or stolen.