UK's Financial Conduct Authority (FCA) has published an interim report exploring some early findings of a review into mobile banking services, setting out the possible risks to consumers and areas that firms should consider when developing their services.
When it comes to financial services, consumers want convenience and security. Mobile can deliver a strong value proposition here so it is inevitable that mobile banking services are attracting the FCA’s attention. Mobile is clearly at the centre of a revolution
that is happening. This is logical as we have an intelligent, sophisticated device that is with us 24x7, be it their smartphone or tablet, consumers expect to be able to control their lives through this one device, for communication, work, shopping, watching
films, playing games and listening to music. The attitude of consumers to banking and payments is no different, and why should it be? The mobile device is set to become the dominant device to enable a paradigm shift in traditional business models, and the
device to enable new business models and experiences.
Mobile banking services appear in a number of forms, greater than that within the FCA scope, and includes balance checks, electronic statements, payee creation, inter and intra account transfers, P2P remittances, cardless ATM withdrawals, stored electronic
cards, coupons and loyalty, NFC and Geo-fencing to name but some.
As some of these transactions and capabilities can carry considerable risk, fraudsters will certainly be drawn to the new way that we can make payments and quick to capitalise on any inherent weaknesses. As the payments space moves mobile we need suitable
solutions for this new area; the FCA is right to engage early with the FS industry on that area.
Many of the mobile-based offerings available today provide little usable functionality, possibly due to weak registration processes, whilst others require onerous registration processes that are more aligned with other, traditional banking channels.
The trick, as is so often the case with electronic financial services, is finding the right balance between security and convenience. This needs to extend to the full lifecycle of the mobile banking app, not just the registration.
At ValidSoft we believe that as all mobile banking apps are inherently based on mobile telecommunications, so too should the security. Using a combination of visible and invisible techniques to create a layered, multi-factor approach is critical for both
enrolment and the on-going authentication for high-risk transactions whilst creating a user-friendly experience.
In-band voice biometrics is an example of this approach, using the high-definition data channel for voice transport to create a low-friction but highly secure approach, with a trusted mobile phone number being all that’s required to securely enrol in the
The solutions do exist today and I will look forward with interest to the final conclusions and detailed risk assessments arising from the FCA’s final report.