Mobile Banking Is More Secure Than Online Banking

Accessing your bank’s mobile website or using your bank’s mobile application to access your account is much more secure than conducting traditional online banking on your computer. Pro or con?

Pro: Smartphone Tech Reduces Risks

Mobile banking is on the rise, and chances are you’re one of the 52 percent of consumers who have accessed some form of mobile banking in the past six months. Yet perceived security risks remain a hindrance to full adoption of the technology. In truth, accessing your account via your bank’s mobile website or using your bank’s mobile app is as secure, if not more secure, than banking online via PC. Why?

People always know where their phones are: Studies by Morgan Stanley have shown that the average American (91 percent of those surveyed) has his or her cell phone within arm’s reach 24 hours a day. Think about the last time you lost your wallet or credit card. How much time passed before you noticed? Your mobile phone is always on and available.

Your mobile banking “identity” is tied to a specific phone: Done correctly, your mobile “identity” can be linked to a specific device, making traditional “man in the middle” security compromises much less relevant.

Consumers can mitigate fraud in real time: SMS (short message service) and push messages for smartphones allow consumers to help banks monitor for fraudulent transactions as they happen.

Geolocation helps curtail fraud: Smart mobile companies are leveraging the GPS capabilities of smartphones to stop fraud before it happens. If a physical credit card is used hundreds of miles from a phone’s location, for example, chances are that one or the other has been stolen.

Future biometric-based security: New smartphones are already being released to leverage this sort of capability. The newest version of the Android mobile operating system, Ice Cream Sandwich, uses facial recognition technology to unlock a user’s phone. And Apple’s introduction of Siri on the iPhone is setting the stage for voice recognition capabilities to come.

Pete Daffern is chief executive officer of mobile banking solutions provider Clairmail, based in San Rafael, Calif.

Con: Your PC Is More Trustworthy

While the mobile platform has many features with the potential to facilitate a safer remote-channel experience over time, today’s online channel typically offers more in the way of robust security. Much of this is the product of necessity: Online banking has been around a lot longer than mobile, offers more transactional capability (much of it higher-risk), and has been much more intensively targeted by malware and other cyberthreats. As a result, online banking platforms are typically more mature in their defenses than are mobile platforms.

Another factor that adds to the risk of mobile banking is consumers’ failure to treat their smartphones like tiny little computers. Few consumers have any form of anti-malware software on their mobile devices and, with little consideration for security, many are willing to download apps of completely unknown provenance from app stores.

Risk executives at financial institutions expect mobile banking to come under more intensive attacks as enhanced transactional capability is deployed to the mobile channel. Aite Group surveyed global risk executives in November 2011 to determine the extent to which they plan to bolster the defenses of the mobile channel over the next two years. Ninety-two percent of respondents expect to deploy increased fraud prevention technology. Sixty-seven percent have projects under way, and 25 percent are waiting to see what kind of threats emerge.

Mobile banking is viewed as a critically important strategic channel by most financial institutions. In order to ensure a secure experience for everyone, the protections must increase alongside the risks.

Julie Conroy McNelley is a senior analyst within Aite Group’s retail banking practice, covering fraud, data security, anti-money laundering, and compliance issues. She works with financial institutions, payment processors, and risk management companies, including Golden Gateway Financial and Early Warning Services.

Opinions and conclusions expressed in the Debate Room do not necessarily reflect the views of Bloomberg Businessweek, Businessweek.com, or Bloomberg LP.

Reader Comments

Jenita

Either in the mobile or online process, if we secure them with corresponding security softwares it means that the process would be more secured, try with mobile and internet security software like combination

Nick

I think security (aside from the transmission of secure data piece) is best implemented in a way that enables the user to be secure. Instead of doing everything for them, give them the tools to do it themselves and you'll end up with a much better result.

Take the old banking paradigm of large granite buildings with huge columns and thick walls. This part of a bank's security isn't hidden away, but paraded out in the open for everyone to see. This reminds customers not only that they are putting their money somewhere secure, but also that it is necessary to keep their money secure. Every time they go to the bank, they are reminded of this.

Marcus

Really ?

What else is Pete Daffern going to say. The fact is that Android phones are highly susceptible to viruses and man-in-the-middle attacks: aka Zeus virus. McAfee and alike are already citing the significant increase in mobile viruses and trojans. Like the PC world, mobile is a roaring emerging target for hackers.

Face recognition on Ice Cream Sandwich works as well with your face, as it does with a photo of your face, aka it is not secure.

Finger scan enabled mobile phone will make a difference moving forward however clearly this is dependent on take-up and whether the financial sector builds the appropriate solutions to support the technology.

Bottom line, we haven't yet seen the tip of exposure and hacking on the mobile platform. It's coming.

- Biometrics and Mobile Specialist

Gordon Simpson

As a technologist, I find it hard to disagree with the comments about the challenges of cyber threat nor the nascent nature of biometrics on US devices but I didn't read Pete's position as stating that mobile somehow automatically overcomes the threats associated with technology and commerce. There are, however, natural elements of a mobile platform and its use that allow us to craft a layered security approach that does provide greater security than would be normal for traditional internet banking.

By combining the greater consumer awareness provided by the "wallet like" relationship with our device, the evolving technology support for more effective lockdown of those devices with multi band communications methods (to notify the consumer of "man at the end" or "man at the middle" attacks, as well as non-mobile fraud attacks) it is possible to create a layered network of security elements that, when combined, deliver a more secure experience that is present in most online models.

We will have to continue to be vigilant and evolve the model as the threats evolve. But it should not be hard to see that mobile has some interesting advantages to create an appropriate security model which can be used to augment the overall consumer banking experience.

Clairmail CTO

Travis

Mobile devices are as susceptible to hackers if not more. How often do people loose their cell phones? I would say way more than when they loose their laptops. And on the security in. The problem with all security online is that they use an out dated methodology, username and passwords. The key to security is always a layered approach. 3-factor authentication would be one of the best methods with biometric as an additional security feature. Digital certificates using PKI(public key infrastructure) would be my suggestion. Banks will tell you that they can't guarantee you that your account want be hacked. The reason is simple, "plausible denial ability". Banks are afraid of being sued. They are simply in the business of making money. So they will do the minimum required by law to secure your login access. The only way to make them increase their security is by the "force of law". It will take an act of congress to make them conform to a more robust security methodology. And the bank lobbyist will fight that every step of the way.

- CA Administrator

Daniel Döderlein

Assuming you access online services your mobile phone can use all the industry standards to make the data transmission secure. If the App you are using verifies the certificate of the other party you have a secure channel (TLS) that is just as good as on your PC.

If you throw in RSA keys, session tokens and online (towards server) verification with 3 strikes your out policies you have “removed” the brute force risk.

In addition; a mobile phone gives away more data than your PC, which in turn can be used to make the communication even more secure. Where are you, what is your normal pattern when accessing the services, are you on a telco or public wifi IP etc. There is a lot of stuff that can happen behind the scenes to make mobile transactions more secure than on your PC.

Now; you are more likely to get lured into social engineering situations on your phone as its so accecible and the screen is smaller and the interaction is faster. An SMS that asks you to click a link and give away your password will happen more often on your mobile (in the future) than it now happens with phishing emails on your PC. That problem will never go away, and stupid people will get trapped as they give away sensitive information to scammers.

Mobile transactions are technically safer than on your PC as there is more and accurate data available when you connect. Technically they both support the same level of security, but the app running on your phone can use certificates and RSA keys to make it as secure as you can get it. Your PIN or Passphrase will always be a desirable thing to steal, regardless of terminal.

Join the Debate

 

Participate More!

Please send us your ideas for new Debate Room topics. If you're an academic, association officer, or other industry expert and would like to write a Debate Room essay, send us a query. Questions? See the

BW Mall - Sponsored Links

Buy a link now!