
Why is Mobile Banking Considered Unsafe?

According to an American Banker survey conducted this year, the percentage of consumers who consider mobile banking “safe” or “very safe” actually fell in the last 12 months from 42% (2012) to 38% (2013).  The continued low uptake of mobile banking clearly has a lot to do with security. (It doesn’t help either that more than half of those polled said that their banking needs are met without mobile banking, but that’s a topic for another blog.)

So how much of this security fear is warranted? What are the real security issues? Consumers consider mobile banking inherently more dangerous than online banking since the mobile phone is physically, well, mobile. Is this justified?

Firstly, a mobile phone can be easily lost or stolen. This is indeed true and every user’s greatest fear. If not well protected, the phone, even turned off and locked, can be compromised in the hands of someone who knows what they are doing.

Secondly, connecting to external networks and Wi-Fi hotspots provides a means by which user credentials (shared between mobile and online banking applications) can be stolen and then used to obtain access to the account from any computer in the world. That’s scary.

Thirdly, mobile apps are also exposed to viruses, Trojan horses, and other inadvertently downloaded malware that allows hackers to access information on the phone. This is particularly relevant to Google Android users: a recent Symantec report highlighted that this open OS continues to be a principal target for malware. This is mostly because Android allows apps to be downloaded from third-party stores or side-loaded (via a user-enabled setting). The closed platform offered by Apple allows less opportunity for tampering.

All of these concerns are valid, but they can be easily allayed by coordinated efforts of the bank and the consumer.

The weakest link in mobile banking security is the user, but simple tips can greatly reduce risk: locking the phone when not in use, using and changing your mobile phone access code, not disclosing or sending passwords, keeping your device updated with the most recent software, applying anti-virus software for Android, using secure networks whenever possible, not jail-breaking your device, and using only trusted apps from official app stores.

From the bank side, a mobile banking app should adhere to industry best practices: limiting the storage of personal information on the device, always communicating over a Secure Sockets Layer (SSL) connection, not allowing installation of the app if the phone has been jail-broken, applying a connection timeout, using a three-level authentication mechanism (user, password, and reference code – this last can be fixed or a one-time password from a security token), minimizing and obfuscating software code, and using virtual keyboards to mask user-entered passwords and codes.

These safeguards are easy to implement for both the bank and the user, and they can make mobile banking as safe as online banking. The future of mobile banking depends on both sides taking responsibility to reduce risk. Do you think that this will be enough to calm users’ fears and improve next year’s numbers?


Comments: (1)

Ketharaman Swaminathan - GTM360 Marketing Solutions - Pune 28 May, 2013, 17:28

Typing a username and a password is painful enough on a touchscreen. 3FA is unthinkably excruciating. This is not just my personal opinion. After the regulator made 2FA mandatory for mobile shopping in India, the channel has been all but decimated. The way I see it, security concerns are just a bogey. When people get value, they don't mind giving away their banking access credentials to startups like Mint, BillGuard and others. IMO, the slow offtake of mobile banking owes itself to the way it's currently designed to be an extension of Internet Banking, which lacks compelling value. If mobile banking exploits smartphone's features like camera, GPS and accelerometer to support features - viz. Mobile RDC - that are simply not possible on a PC, then it's likely to find far greater traction. GoBank is trying exactly that.

This post is from a series of posts in the group:

Innovation in Financial Services

A discussion of trends in innovation management within financial institutions, and the key processes, technology and cultural shifts driving innovation.
