Entersekt offers guidance on securing the mobile channel amidst FBI cautions
US Federal Bureau of Investigation warns that cybercriminals are increasingly targeting mobile banking apps – here’s what banks can do
Entersekt, a global specialist in digital security solutions, today released its updated guidance for financial institutions, the white paper Securing the Mobile Banking Channel. The release follows an FBI warning that attacks on banking applications by cybercriminals and fraudsters are likely to increase as consumers stuck at home during the COVID-19 pandemic rely more heavily on these platforms. With recent research pointing to a marked distrust of banking communications among banking customers in the United Kingdom, it has never been more important for financial institutions to get the security of the mobile channel right.
“Current solutions to digital fraud have failed to alleviate consumer uneasiness around mobile banking security and have had a negative impact on the user experience,” said Christian Ali, SVP product, Entersekt. “Meanwhile, mobile malware is evolving fast, threatening to make the situation worse. If banks want to protect their customers from account takeover fraud and secure their futures in a disrupted marketplace, they must intelligently reengineer user and transaction authentication on the mobile channel as the first, crucial step on that path.”
Entersekt’s free-to-access white paper outlines the opportunities presented by mobile and the new threats that come with it, including the explosive rise of mobile malware, vulnerabilities stemming from poor app design and configuration, weaknesses in mobile device ID, and flawed authentication. Importantly, it also addresses the necessary balance between regulatory-compliant security and ease of use: in other words, how financial institutions can solve the security and user experience equation.
It then lays out best practices for securing the mobile channel so that organizations can take full control of their security. These include:
Avoiding reliance on SMS, OTPs, and native device security
Harnessing the power of public-key infrastructure on mobile phones
Building a second, secure channel for user transaction and authentication
Taking a layered approach to boost security for high-value, high-risk transactions
Involving customers in securing their transactions