Is Mobile Banking Secure


Mobile banking is a service provided by a bank or other financial institution that allows its customers to conduct financial transactions remotely using a mobile device such as a mobile phone or tablet. It uses software, usually called an app, provided by the financial institution for the purpose. Mobile banking is usually available on a 24-hour basis. Some financial institutions have restrictions on which accounts may be accessed through mobile banking, as well as a limit on the amount that can be transacted.

Transactions through mobile banking may include obtaining account balances and lists of latest transactions, electronic bill payments, and funds transfers between a customer's or another's accounts. Some apps also enable copies of statements to be downloaded and sometimes printed at the customer's premises; and some banks charge a fee for mailing hardcopies of bank statements.

From the bank's point of view, mobile banking reduces the cost of handling transactions by reducing the need for customers to visit a bank branch for non-cash withdrawal and deposit transactions. Mobile banking does not handle transactions involving cash, and a customer needs to visit an ATM or bank branch for cash withdrawals or deposits. Many apps now have a remote deposit option, which uses the device's camera to digitally transmit cheques to the customer's financial institution.

Mobile banking differs from mobile payments, which involve the use of a mobile device to pay for goods or services either at the point of sale or remotely, analogously to the use of a debit or credit card to effect an EFTPOS payment.





History

The earliest mobile banking services used SMS, a service known as SMS banking. With the introduction of smart phones with WAP support enabling the use of the mobile web in 1999, the first European banks started to offer mobile banking on this platform to their customers.

Mobile banking before 2010 was most often performed via SMS or the mobile web. Apple's initial success with iPhone and the rapid growth of phones based on Google's Android have led to increasing use of special mobile apps, downloaded to the mobile device. With that said, advancements in web technologies such as HTML5, CSS3 and JavaScript have seen more banks launching mobile web based services to complement native applications. A recent study (May 2012) by Mapa Research suggests that over a third of banks have mobile device detection upon visiting the banks' main website. A number of things can happen on mobile detection, such as redirecting to an app store, redirecting to a mobile banking specific website or providing a menu of mobile banking options for the user to choose from.





A mobile banking conceptual

In one academic model, mobile banking is defined as:

"Mobile Banking refers to provision and availment of banking- and financial services with the help of mobile telecommunication devices. The scope of offered services may include facilities to conduct bank and stock market transactions, to administer accounts and to access customised information."

According to this model mobile banking can be said to consist of three inter-related concepts:

  • Mobile accounting
  • Mobile brokerage
  • Mobile financial information services

Most services in the categories designated accounting and brokerage are transaction-based. The non-transaction-based services of an informational nature are however essential for conducting transactions - for instance, balance inquiries might be needed before committing a money remittance. The accounting and brokerage services are therefore offered invariably in combination with information services. Information services, on the other hand, may be offered as an independent module.

Mobile banking may also be used to help in business situations as well as financial




Mobile banking services

Typical mobile banking services may include:

Account information

  1. Mini-statements and checking of account history
  2. Alerts on account activity or passing of set thresholds
  3. Monitoring of term deposits
  4. Access to loan statements
  5. Access to card statements
  6. Mutual funds / equity statements
  7. Insurance policy management

Transaction

  1. Funds transfers between the customer's linked accounts
  2. Paying third parties, including bill payments and third party fund transfers (see, e.g., FAST)
  3. Check Remote Deposit

Investments

  1. Portfolio management services
  2. Real-time stock quotes
  3. Personalized alerts and notifications on security prices

Support

  1. Status of requests for credit, including mortgage approval, and insurance coverage
  2. Check (cheque) book and card requests
  3. Exchange of data messages and email, including complaint submission and tracking
  4. ATM Location

Content services

  1. General information such as weather updates, news
  2. Loyalty-related offers
  3. Location-based services

A report by the US Federal Reserve (March 2012) found that 21 percent of mobile phone owners had used mobile banking in the past 12 months. Based on a survey conducted by Forrester, mobile banking will be attractive mainly to the younger, more "tech-savvy" customer segment. A third of mobile phone users say that they may consider performing some kind of financial transaction through their mobile phone. But most of the users are interested in performing basic transactions such as querying for account balance and making bill payment.

Future functionalities in mobile banking

Based on the 'International Review of Business Research Papers' from the World Business Institute, Australia, the following are the key functional trends possible in the world of mobile banking.

With the advent of technology and the increasing use of smartphone and tablet based devices, mobile banking functionality would enable banks to connect with customers across the entire customer life cycle much more comprehensively than before. In this scenario, current mobile banking objectives such as building relationships, reducing cost and achieving new revenue streams will transform to enable new objectives targeting higher-level goals such as building the brand of the banking organization. Emerging technology and functionalities would create new ways of generating leads and prospecting, as well as developing deep customer relationships, and mobile banking would achieve a superior customer experience with bi-directional communications. Among digital channels, mobile banking is a clear IT investment priority in 2013 as retail banks attempt to capitalise on the features unique to mobile, such as location-based services.

Illustration of objective based functionality enrichment In Mobile Banking

  • Communication enrichment: - Video Interaction with agents, advisors.
  • Pervasive Transactions capabilities: - Comprehensive "Mobile wallet"
  • Customer Education: - "Test drive" for demos of banking services
  • Connect with new customer segment: - Connect with Gen Y - Gen Z using games and social network ambushed to surrogate bank's offerings
  • Content monetization: - Micro level revenue themes such as music, e-book download
  • Vertical positioning: - Positioning offerings over mobile banking specific industries
  • Horizontal positioning: - Positioning offerings over mobile banking across all the industries
  • Personalization of corporate banking services: - Personalization experience for multiple roles and hierarchies in corporate banking as against the vanilla based segment based enhancements in the current context.
  • Build Brand: - Build the bank's brand while enhancing the "Mobile real estate".



Challenges for a mobile banking solution

Key challenges in developing a sophisticated mobile banking application are:

Handset accessibility

There are a large number of different mobile phone devices and it is a big challenge for banks to offer a mobile banking solution on any type of device. Some of these devices support Java ME and others support SIM Application Toolkit, a WAP browser, or only SMS.

Initial interoperability issues, however, have been localized, with countries like India using portals like "R-World" to address the limitations of low-end Java-based phones, while areas such as South Africa have defaulted to USSD as a basis of communication achievable with any phone.

The desire for interoperability is largely dependent on the banks themselves. Installed applications (Java-based or native) provide better security, are easier to use and allow development of more complex capabilities similar to those of internet banking, while SMS can provide the basics but becomes difficult to operate with more complex transactions.

There is a myth that there is a challenge of interoperability between mobile banking applications due to a perceived lack of common technology standards for mobile banking. In practice it is too early in the service lifecycle for interoperability to be addressed within an individual country, as very few countries have more than one mobile banking service provider. In practice, banking interfaces are well defined and money movements between banks follow the ISO 8583 standard. As mobile banking matures, money movements between service providers will naturally adopt the same standards as in the banking world.

In January 2009, Mobile Marketing Association (MMA) Banking Sub-Committee, chaired by CellTrust and VeriSign Inc., published the Mobile Banking Overview for financial institutions in which it discussed the advantages and disadvantages of Mobile Channel Platforms such as Short Message Services (SMS), Mobile Web, Mobile Client Applications, SMS with Mobile Web and Secure SMS.

Security

As with most internet-connected devices, as well as mobile-telephony devices, cybercrime rates are escalating year-on-year. The types of cybercrimes which may affect mobile-banking might range from unauthorized use while the owner is using the toilet, to remote-hacking, or even jamming or interference via the internet or telephone network datastreams. In the banking world, currency rates may change by the millisecond.

Security of financial transactions executed from a remote location and the transmission of financial information over the air are the most complicated challenges, and they need to be addressed jointly by mobile application developers, wireless network service providers and the banks' IT departments.

The following aspects need to be addressed to offer a secure infrastructure for financial transactions over a wireless network:

  1. Physical part of the hand-held device. If the bank is offering smart-card based security, the physical security of the device is more important.
  2. Security of any thick-client application running on the device. In case the device is stolen, the hacker should require at least an ID/Password to access the application.
  3. Authentication of the device with service provider before initiating a transaction. This would ensure that unauthorized devices are not connected to perform financial transactions.
  4. User ID / Password authentication of bank's customer.
  5. Encryption of the data being transmitted over the air.
  6. Encryption of the data that will be stored in device for later / off-line analysis by the customer.

One-time passwords (OTPs) are the latest tool used by financial and banking service providers in the fight against cyber fraud. Instead of relying on traditional memorized passwords, consumers request an OTP each time they want to perform a transaction using the online or mobile banking interface. When the request is received, the password is sent to the consumer's phone via SMS. The password expires once it has been used or once its scheduled life-cycle has ended.
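The two expiry rules described above (used once, or life-cycle over) can be enforced server-side as in the following added example, which is not code from the original article or from any bank. The class and function names, the six-digit length, the 120-second lifetime and the three-attempt limit are all assumptions made for illustration.

```python
import hmac
import secrets
import time

# Assumed policy values for this example; the page does not specify any.
OTP_DIGITS = 6
OTP_TTL_SECONDS = 120
MAX_ATTEMPTS = 3


class OtpStore:
    """Pending OTPs keyed by (customer, transaction); hypothetical helper."""

    def __init__(self, clock=time.monotonic):
        self._clock = clock
        self._key = secrets.token_bytes(32)  # MAC key: only digests are stored
        self._pending = {}

    def _mac(self, code):
        return hmac.new(self._key, code.encode(), "sha256").digest()

    def issue(self, customer_id, txn_id):
        """Create an OTP for one transaction; the caller sends it by SMS."""
        code = f"{secrets.randbelow(10 ** OTP_DIGITS):0{OTP_DIGITS}d}"
        self._pending[(customer_id, txn_id)] = {
            "mac": self._mac(code),
            "expires": self._clock() + OTP_TTL_SECONDS,
            "attempts": 0,
        }
        return code

    def verify(self, customer_id, txn_id, submitted):
        """Return 'accepted', 'rejected', 'locked', 'expired' or 'unknown'."""
        key = (customer_id, txn_id)
        entry = self._pending.get(key)
        if entry is None:
            return "unknown"  # never issued, already used, or locked out
        if self._clock() >= entry["expires"]:
            del self._pending[key]  # life-cycle over
            return "expired"
        entry["attempts"] += 1
        if hmac.compare_digest(entry["mac"], self._mac(submitted)):
            del self._pending[key]  # single use: a replay finds nothing
            return "accepted"
        if entry["attempts"] >= MAX_ATTEMPTS:
            del self._pending[key]  # stop online guessing of a short code
            return "locked"
        return "rejected"


def demo():
    """Constructed walk-through: first use, replay, then a late submission."""
    now = [0.0]  # fake clock so expiry needs no real waiting
    store = OtpStore(clock=lambda: now[0])
    code = store.issue("cust-1", "txn-1")
    results = [store.verify("cust-1", "txn-1", code) for _ in range(2)]
    late_code = store.issue("cust-1", "txn-2")
    now[0] += OTP_TTL_SECONDS + 1
    return results + [store.verify("cust-1", "txn-2", late_code)]
```

Binding each code to a single transaction means a code issued for one payment cannot approve a different one, and the attempt limit matters because a six-digit code has only a million possible values.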

Because of the concerns made explicit above, it is extremely important that SMS gateway providers can provide a decent quality of service for banks and financial institutions in regards to SMS services. Therefore, the provision of service level agreements (SLAs) is a requirement for this industry; it is necessary to give the bank customer delivery guarantees of all messages, as well as measurements on the speed of delivery, throughput, etc. SLAs give the service parameters in which a messaging solution is guaranteed to perform.

Scalability and reliability

Another challenge for the CIOs and CTOs of the banks is to scale-up the mobile banking infrastructure to handle exponential growth of the customer base. With mobile banking, the customer may be sitting in any part of the world (true anytime, anywhere banking) and hence banks need to ensure that the systems are up and running in a true 24 x 7 fashion. As customers will find mobile banking more and more useful, their expectations from the solution will increase. Banks unable to meet the performance and reliability expectations may lose customer confidence. There are systems such as Mobile Transaction Platform which allow quick and secure mobile enabling of various banking services. Recently in India there has been a phenomenal growth in the use of Mobile Banking applications, with leading banks adopting Mobile Transaction Platform and the Central Bank publishing guidelines for mobile banking operations.

Application distribution

Due to the nature of the connectivity between the bank and its customers, it would be impractical to expect customers to regularly visit banks or connect to a web site for regular upgrades of their mobile banking application. It will be expected that the mobile application itself checks for upgrades and updates and downloads necessary patches (so-called "Over The Air" updates). However, there could be many issues in implementing this approach, such as upgrade / synchronization of other dependent components.

User adoption

Studies have shown that a major factor holding back wider use of mobile banking is banking customers' unwillingness to adapt. Many consumers, whether they are misinformed or not, do not want to begin using mobile banking for several reasons. These can include the learning curve associated with new technology, fears about possible security compromises, or simply not wanting to start using technology.

Personalization

It would be expected from the mobile application to support personalization such as:

  1. Preferred Language
  2. Date / Time format
  3. Amount format
  4. Default transactions
  5. Standard Beneficiary list
  6. Alerts



Mobile banking in the world

This is a list of countries by mobile banking usage as measured by the percentage of people who had non-SMS mobile banking transactions in the previous three months. The data is sourced from Bain, Research Now and Bain along with GMI NPS surveys in 2012.

African nations such as Kenya would rank highly if SMS mobile banking were included in the above list. Kenya has 38% of the population as subscribers to M-Pesa as of 2011. As of 2016, though, mobile banking applications have seen tremendous growth in the Kenyan banking sector, which has capitalised on the Android Play Store and Apple store to publish its applications. Applications from Kenyan banks, such as Equity Bank Kenya Limited's Eazzy banking application and The Co-operative Bank's Mco-op cash application, have proved to be successful mobile banking applications.

Mobile banking is used in many parts of the world with little or no infrastructure, especially remote and rural areas. This aspect of mobile commerce is also popular in countries where most of their population is unbanked. In most of these places, banks can only be found in big cities, and customers have to travel hundreds of miles to the nearest bank.

In Iran, banks such as Parsian, Tejarat, Pasargad Bank, Mellat, Saderat, Sepah, Edbi, and Bankmelli offer the service. Banco Industrial provides the service in Guatemala. Citizens of Mexico can access mobile banking with Omnilife, Bancomer and MPower Venture. Kenya's Safaricom (part of the Vodafone Group) has the M-Pesa Service, which is mainly used to transfer limited amounts of money, but increasingly used to pay utility bills as well. In 2009, Zain launched their own mobile money transfer business, known as ZAP, in Kenya and other African countries. Several other players in Kenya such as Tangerine, MobiKash and Funtrench Limited also have network-independent mobile money transfer. In Somalia, the many telecom companies provide mobile banking, the most prominent being Hormuud Telecom and its ZAAD service.

Telenor Pakistan has also launched a mobile banking solution, in coordination with Taameer Bank, under the label Easy Paisa, which was begun in Q4 2009. Eko India Financial Services, the business correspondent of State Bank of India (SBI) and ICICI Bank, provides bank accounts, deposit, withdrawal and remittance services, micro-insurance, and micro-finance facilities to its customers (nearly 80% of whom are migrants or the unbanked section of the population) through mobile banking.

In 2010, mobile banking users soared over 100 percent in Kenya, China, Brazil and the United States with 200 percent, 150 percent, 110 percent and 100 percent respectively.

Dutch Bangla Bank launched the very first mobile banking service in Bangladesh on 31 March 2011. This service was launched with 'Agent' and 'Network' support from mobile operators Banglalink and Citycell. Sybase 365, a subsidiary of Sybase, Inc., provided the software solution with their local partner Neurosoft Technologies Ltd. There are around 160 million people in Bangladesh, of whom only 13 per cent have bank accounts. With this solution, Dutch-Bangla Bank can now reach out to the rural and unbanked population, of whom 45 per cent are mobile phone users. Under the service, any mobile handset with a subscription to any of the six existing mobile operators of Bangladesh would be able to utilize the service. Under the mobile banking services, a bank-nominated banking agent performs banking activities on the bank's behalf, like opening mobile banking accounts, providing cash services (receipts and payments) and dealing with small credits. Cash withdrawal from a mobile account can also be done from an ATM, validating each transaction by 'mobile phone & PIN' instead of 'card & PIN'. Other services that are being delivered through the mobile banking system are person-to-person (e.g. fund transfer), person-to-business (e.g. merchant payment, utility bill payment), business-to-person (e.g. salary/commission disbursement) and government-to-person (disbursement of government allowance) transactions.

In May 2012, Laxmi Bank Limited launched the very first mobile banking in Nepal with its product Mobile Khata. Mobile Khata currently runs on a third-party platform called Hello Paisa that is interoperable with all the telecoms in Nepal viz. Nepal Telecom, NCell, Smart Tel and UTL, and is also interoperable with various banks in the country. The initial joining members to the platform after Laxmi Bank Limited were Siddartha Bank, Bank of Kathmandu, Commerz and Trust Bank Nepal and International Leasing and Finance Company.

Barclays offers a service called Barclays Pingit, and Hello Money offering services in Africa, allowing transfer of money from the United Kingdom to many parts of the world with a mobile phone. Pingit is owned by a consortium of banks. In April 2014, the UK Payments Council launched the Paym mobile payment system, allowing mobile payments between customers of several banks and building societies using the recipient's mobile phone number.

Source of the article : Wikipedia


