Digital access channels are becoming increasingly important for financial institutions and their customers. Mobile channels, in particular, are rapidly gaining importance. The resulting new threats to data security pose a significant challenge for banks and savings banks.
The modern customer is used to accessing a large number of offers and services digitally and on mobile devices, at any time and from anywhere. This increasingly applies to banking services as well. For the banks, this means that the broadest possible range of digital services represents a clear competitive advantage. It is becoming increasingly important for them to give their customers flexible access to all communication channels and types of offers.
In addition to mobile payment, other services such as digital safes or account overviews from various institutions and new services (such as digital identity verification for third-party contracts) are playing an increasing role. If another bank offers the customer a more attractive range of services, they can already switch providers spontaneously, digitally, and in just a few minutes.
New Service Channels And Points Of Attack
The central element in this digitization of banking services is the customer’s mobile device, which provides functionalities via specially developed apps. As a rule, this is a tablet or smartphone, but so-called “wearables” such as smartwatches or “smart speakers” such as Amazon Echo or Google Home are increasingly being added. As a result, digitization is not only being used by the established banks but is also being driven by other companies such as mobile phone providers, device manufacturers (including Samsung, LG, Huawei) and the so-called “over the top players” such as Google, Facebook, Amazon and Apple.
There are many mobile devices on the market (> 30,000), on which more than 2 million apps are already in use. The increasing use of end devices for financial transactions makes them more and more interesting for the “dark side of power”. Smartphones are increasingly becoming the target of attacks in which identities or data are stolen, and transactions may be manipulated. This presents the banks and the entire ecosystem with the same challenge: securing the various channels for digital payments and protecting the digital identity of users.
Protection Of Digital Identities
The question is who users trust and who they think should be responsible for securing identities and transactions. The banks have a tremendous historical advantage here; they still have the trust of their customers. To meet this responsibility, however, they need a clever, adapted IT strategy that transparently guarantees the security of digital processes for the end customer. So what can banks do to ensure security in the digital banking world?
With regard to mobile devices, it is essential that the security concept is not limited to just one area but is approached holistically, since the system architecture of these devices offers a wide variety of points of attack. Appropriate procedures protect the source code of the banking programs, provide secure storage for digital identities (keyword “white box crypto”) and ensure secure communication with the backend, including encryption.
In addition, exemplary implementations ensure that the environment in which an application is run is also secure. For example, apps must be prevented from being copied or cloned from one device to another. A device fingerprint created according to particular criteria makes it possible to reliably determine at any time whether it is the original device and whether it is in a safe operating state.
In terms of lifecycle management, modern processes go one step further. In addition to the protective measures on the mobile devices themselves, they have an additional server component. This ensures that an application is managed comprehensively and traceably throughout its useful life. For example, updates are imported securely, and a customer’s credentials (for using certain digital services) are securely managed. Such solutions and procedures also consider the extended data protection requirements according to the latest legislation.
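The device fingerprint and the server component described above can be combined into a server-side binding check. The following Python sketch is an added example, not code from the article or from any banking product; the attribute names, the `rooted` flag, the HMAC scheme and all sample values are assumptions made for illustration.

```python
import hashlib
import hmac
import json
import secrets

# Assumed fingerprint criteria; the article does not name any.
FINGERPRINT_FIELDS = ("hardware_id", "model", "app_signature")

def fingerprint(attrs):
    """SHA-256 over a canonical encoding of the stable device attributes."""
    stable = {k: attrs[k] for k in FINGERPRINT_FIELDS}
    return hashlib.sha256(json.dumps(stable, sort_keys=True).encode()).hexdigest()

def sign(key, nonce, attrs):
    """Device side: MAC the server's nonce together with the reported state."""
    state = fingerprint(attrs).encode() + (b"1" if attrs.get("rooted") else b"0")
    return hmac.new(key, nonce + state, hashlib.sha256).digest()

class DeviceRegistry:
    """Server component that binds one app installation to one device."""
    def __init__(self):
        self._devices = {}  # install_id -> (device key, enrolled fingerprint)

    def enroll(self, install_id, attrs):
        key = secrets.token_bytes(32)  # the device keeps this in protected storage
        self._devices[install_id] = (key, fingerprint(attrs))
        return key

    def verify(self, install_id, attrs, nonce, tag):
        record = self._devices.get(install_id)
        if record is None:
            return "unknown-install"
        key, enrolled = record
        if not hmac.compare_digest(sign(key, nonce, attrs), tag):
            return "bad-signature"
        if fingerprint(attrs) != enrolled:
            return "fingerprint-mismatch"  # app data copied to another device
        if attrs.get("rooted"):
            return "unsafe-state"
        return "ok"

def demo():
    """Constructed sample: the original device, then a copy on other hardware."""
    original = {"hardware_id": "HW-A", "model": "phone-x",
                "app_signature": "sig-1", "rooted": False}
    clone = dict(original, hardware_id="HW-B")
    reg, nonce = DeviceRegistry(), secrets.token_bytes(16)
    key = reg.enroll("install-1", original)
    return [reg.verify("install-1", d, nonce, sign(key, nonce, d))
            for d in (original, clone)]
```

Attributes reported by the app can be forged by a modified client, so this check only helps alongside the code protection and secure key storage the article lists.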
Trust Needs Security
The banks are racing to win over customers with attractive services and to earn their trust in the security of digital services and processes. Only those who act successfully at all levels will be able to win:
- By providing consumers with new, exciting digital services as quickly as possible
- By ensuring the highest level of security for customers when processing their digital financial transactions
- By complying with the regulations specified by legislators at the national and European levels in support of end customers
It is time to act and, through a holistic and integrative expansion of the security components, to ensure that the most critical asset in the customer relationship – namely the customers’ existing trust in the banks’ security – can be efficiently protected.