It's been almost a year since what some analysts consider the first successful major threat to mobile banking, known as Svpeng, hit the United States. Spreading via a text message campaign, the Svpeng malware went after Android phones. While Svpeng didn’t steal mobile banking credentials, it did detect the presence of certain mobile banking apps and then locked those phones for ransom. Svpeng hit the news again last month when Russia announced on April 11 that several people allegedly responsible for the malware had been arrested weeks prior. Since then, security concerns over mobile financial services haven't exactly calmed. The result is troubling for those in the financial industry, who see more and more traffic headed to mobile banking and mobile payment systems. From the March 2015 Federal Reserve paper on Consumers and Mobile Financial Services:
- 87 percent of the U.S. adult population has a mobile phone, consistent with 2013.
- 71 percent of mobile phones are smartphones (Internet-enabled), up from 61 percent a year earlier.
- 52 percent of smartphone owners with a bank account have used mobile banking in the 12 months prior to the survey, up from 51 percent a year earlier.
The ubiquity of mobile phones is changing the way consumers access financial services. And yet, despite the rapid growth, a significant percentage of consumers aren’t making the leap. Why? Security. According to a 2014 Deloitte report:
"Of those respondents who do not regularly use mobile devices for financial services, 61 percent cited security issues as the prime reason."
Despite analysis by Verizon that mobile malware is not currently a significant vector for attack, the threat is still there, and so is the hype. It will be difficult for financial services companies to goad holdout consumers into using mobile financial services apps when concerns about mobile banking and mobile payments find their way to the top of the news at USA Today, the Guardian, and Forbes. It’ll be even more difficult to keep those nascent users should the mobile banking ecosystem take another high-profile hit during its infancy. So, it’s clear that security is going to be a major focus of financial institutions as the mobile market develops. Biometrics, in particular, seem to be gaining favor and fits the bill, as with Apple Pay’s use of TouchID. When it comes to gaining the trust of consumers, the appearance of security is almost as important to financial institutions as security itself—and biometrics is a highly visible solution. The question is how well biometric solutions will be implemented, whether they will be convenient enough to see widespread adoption, and whether the benefits are real and not just security theatre (for example, TouchID simply reverts to passcode authentication should the fingerprint scan fail five times). It’s going to be an interesting year for mobile financial services.
Financial Services Cybersecurity Regulations
Learn how Tripwire's strategies bolster cybersecurity in the financial sector. Facing heightened risks, financial organizations can benefit from Tripwire's expertise in security configuration management and file integrity monitoring, ensuring compliance with critical regulations and safeguarding sensitive data.
