The inception of smart device technology has triggered a notable rise in the use of mobile banking applications. A recent financial survey by Aite projects that the total number of users performing mobile phone banking will rise 300% over the next four years. The report explains that smartphone owners use their banking mobile applications for increased convenience and for fraud prevention through proactive account management. Another popular mobile phone banking activity is account activity monitoring: viewing bank statements, fund transfers, online bill payments and quickly locating nearby ATMs or branches.
Apart from customer convenience and satisfaction, financial institutions believe that by having their mobile applications in app stores, they are given more opportunities to interact with their customers, opening a new door for marketing initiatives. It also becomes easier for them to support and integrate with up-and-coming mobile technologies like NFC (Near Field Communication) and MAC (Mobile Access Cash). These advantages brought about by the mobile revolution are just the tip of the iceberg for what is yet to come in the banking sector.
Advantages of Mobile Banking Outweighed by Fears
According to a 2012 Juniper survey, a slim majority (51%) of US consumers sampled indicated moderate trust in the security of their mobile banking applications. The situation becomes even more suspect when a user accesses their account and monitors their banking activities from a device other than their own. In essence, securing the data on these devices is the prime challenge for the smartphone owner and banking institution alike.
Another security threat financial institutions face today is the bring your own device (BYOD) workforce. In an attempt to quash BYOD fears, large financial institutions such as Barclays have banned the use of personally-owned devices and have bulk ordered customized iPads for their employees. To amplify the user experience, IT created unique user credentials for App Store use, giving employees the power to download mobile applications of their choice.
Is a blanket ban on BYOD a successful strategy for eliminating data security vulnerabilities? Viruses and Trojan horses disguised as mobile applications are making the rounds on the App Store. Another unclosed security loophole: device OS upgrades. Because the device belongs to the organization, not the individual, what are the chances the employee feels compelled to undertake the upgrade?
Provisioning Security within the Mobile Ecosystem
Instead of trying to secure data on every device, belonging to both customers and employees, banking institutions must redirect their focus toward the mobile ecosystem itself. Their strategy must entail tightening of security at a very granular level without much supervision and support. Here’s a step-by-step process that can be followed to implement a robust data protection strategy:
- Provide Support for On-Demand Access: This approach suggests that IT permits or restricts access to a document or a folder based on role, location and device. If information is stored in a central location, the IT admin can push the location link of the requested file or folder to the device instead of asking users to browse to the location. Smartphone owners may in turn read, edit or record the information stored. This approach eliminates the chance of the information leaving its secured premises (in other words, being saved on the end user's device).
- Be a Cloud Gatekeeper: Cloud services and applications have simplified our task management by allowing us to execute them in a single, centralized manner. However, keeping data unencrypted within the cloud leaves it subject to infiltration, which can in turn come back to haunt an organization. IT admins must control and monitor the data access to the cloud. Part of this responsibility includes educating employees about the types of documents that are suitable for uploading and saving in the cloud. Defining role-based access to cloud resources is a popular mobile device data protection strategy.
- Set up Policies for Monitoring Smartphone and Tablet Behavior:
  - Enforce strong passwords on mobile devices accessing sensitive and confidential data/resources
  - Execute complete logout from the mobile application or location
  - Permit access only via secured wireless networks
  - Identify and blacklist apps snooping into an organization's intellectual data
  - Send alerts for any unauthorised use
  - Detect and notify any rooted or jailbroken devices residing in the network
- Enforce Data Encryption on Every BYOD Device. Banking tools and applications must enforce data relay over a secured tunnel to provision data security on devices residing within corporate perimeters as well as customer and BYOD devices.
- Enforce Enabled GPS. This will help prevent fraud and data breaches targeted toward both customer and BYOD devices.
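As an added illustration (not part of the original article and not any MDM product's API), the checklist above can be expressed as a small policy evaluator that combines the device-behaviour rules with role- and location-based on-demand access. Every field name, role, location and app id below is a constructed assumption.

```python
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class Device:                      # posture report; field names are assumptions
    role: str
    location: Optional[str]        # None when GPS is disabled
    passcode_len: int
    network: str
    encrypted: bool
    rooted: bool
    apps: frozenset

@dataclass(frozen=True)
class Policy:
    min_passcode_len: int
    secured_networks: frozenset
    blacklisted_apps: frozenset
    acl: dict                      # resource -> (allowed roles, allowed locations)

def posture_violations(d, p):
    """Device-behaviour rules from the checklist that this device breaks."""
    checks = [
        (d.passcode_len < p.min_passcode_len, "weak_passcode"),
        (d.network not in p.secured_networks, "unsecured_network"),
        (bool(d.apps & p.blacklisted_apps), "blacklisted_app"),
        (d.rooted, "rooted_or_jailbroken"),
        (not d.encrypted, "not_encrypted"),
        (d.location is None, "gps_disabled"),
    ]
    return [name for failed, name in checks if failed]

def decide(d, resource, p):
    """Deny with an alert on any violation; otherwise push a link, never a copy."""
    reasons = posture_violations(d, p)
    roles, locations = p.acl.get(resource, (frozenset(), frozenset()))
    if d.role not in roles:
        reasons.append("role_not_permitted")
    if d.location is not None and d.location not in locations:
        reasons.append("location_not_permitted")
    if reasons:
        return {"action": "deny", "alert": sorted(reasons)}
    return {"action": "push_link", "resource": resource, "local_copy": False}

# Constructed sample policy and devices (not real data).
POLICY = Policy(8, frozenset({"corp-wpa2", "vpn"}), frozenset({"com.example.grabber"}),
                {"loan-files": (frozenset({"loan-officer"}), frozenset({"branch-12"}))})
OFFICER = Device("loan-officer", "branch-12", 10, "corp-wpa2", True, False, frozenset())
ROOTED = Device("teller", None, 4, "open", False, True, frozenset({"com.example.grabber"}))

if __name__ == "__main__":
    for dev in (OFFICER, ROOTED):
        print(dev.role, decide(dev, "loan-files", POLICY))
```

A resource missing from the access list is denied by default, and the alert list gives IT the specific rule each device failed.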
By following the steps above, you are one step closer to total enterprise mobility in the most secure fashion. Emphasizing mobile data security and managing sensitive and critical data for your financial institution is mission critical. As a financial institution, it is your responsibility to take every precaution. A ban on BYOD devices is not the resolution. Rather, recognizing the impending distribution of your data on unsecured and unnumbered mobile devices is the first step that must be taken.