Mobile banking’s “first wave” is a good news story. Consumer adoption of relatively low-value transactions has been swift. Consumer trust is high. According to The Wall Street Journal, a Federal Reserve survey found that “cellphone users tapping into banking services increased 33% during 2012. Nearly half of those with smart phones accessed a banking app or mobile website in the past year.”
But the second wave of mobile banking – capturing huge transactions of high-value customers – is meeting headwinds.
According to many bankers we talk to – especially the heads of corporate treasury, wealth management, and payments – that needs to change. The conversations have a common theme, and one bank executive’s comment captures it: “Mobile devices can’t just be another handy channel for consumers. Mobility needs to be a business advantage for our corporate and affluent customers and a revenue generator for us. Otherwise, it’s like playing miniature golf with your best irons. Way too much investment for way too little payoff.”
It’s not unreasonable that some bankers and their customers have in the past been wary of security when it comes to mobile devices, whether cell phones, laptops, tablets, phablets, or wearables. The same banker who reassures consumers about making mobile deposits will be less sanguine about a large corporation making million dollar payments the same way. The same customer who is willing to take a risk on mobile in order to pay his water bill is bound to have a different comfort threshold when it comes to making a million dollar stock transaction on the fly.
But the sheer size of the potential market makes it a must-do. TowerGroup predicts continued growth of mobile banking to reach 17 billion transactions in 2015. It’s also a must-do because of customer demand for the convenience that mobile affords. Once corporate controllers and other handlers of large transactions get accustomed to using mobile for their personal small transactions, it’s a short step to wondering why they can’t take care of business the same way.
If large transactions via mobile are inevitable – and few would disagree that they are – then no bank wants to be the last to be able to offer them.
There’s another burgeoning trend that feeds inevitability: downsizing. The leaner the staff, the more is expected from the remaining employees, many of whom have learned to handle the workload by merging it into their evenings and weekends. For that to work, they need to be able to take their work home or on the road – to be able to work from wherever life takes them. For them, convenience isn’t just nice-to-have – it’s essential.
A family member is a corporate controller for a mid-sized retail mall management company. Any time of day or night, weekday or weekend, can bring an urgent request from a tenant for a large funds transfer. Hardly a weekend goes by that she doesn’t have to stop what she’s doing – leave dinner, sometimes pack up the kids – and drive to the office where she can sign in on a special application and complete a transaction that would have taken her two minutes on her mobile. So far, her CIO and CFO steadfastly resist making that system available on mobile because of security fears.
And there we have the gravest impediment. When the President of the United States ruefully says he wants a smart phone for Christmas but his security advisers won’t let him have one, it tends to ratify the misgivings of anybody else, including corporate treasurers, affluent customers, and their bankers who are, after all, charged with protecting the safety of financial assets. Headlines like “Customers Paying the Price after Target Breach” can set back months and years of mounting assurance.
The same is true in the world of wealth management. If your bank’s affluent customers can make all their checking account transactions on mobile, they will soon expect their larger transactions to be just as convenient. Our clients tell us, “These are extremely profitable customers for us, and we know that the first banks to get it just right will have tremendous first-mover status.”
But as one wealth manager put it, the affluent have another concern: “Government surveillance. The revelations about NSA data collection of cell phone information have my clients spooked, and me, too. My conversations certainly are meant to be private, and even less do I want to invite unwarranted intrusiveness into my large-dollar transactions. And when you go one step further and think Edward Snowden, my appetite for large mobile transactions almost evaporates. And yet I know we have to get there – my customers will eventually demand it.”
So what can banks do to make mobile a viable channel for large-dollar transactions? They need to improve both the perception and the reality of the security of large transactions. First is the matter of access. Second is the matter of awareness. Let’s use the analogy of securing a building.
If you approach a building that houses gold bars, and you find the perimeter gate wide open and the door ajar, you would suspect that somebody neglected the access part. But suppose you had to use a special password and voice recognition for the gate, and then facial recognition for the door? Fine. Access has been addressed. But once inside, you can see doors marked, “Do Not Enter,” and you see employees driving loaded carts marked “Top Clearance Employees Only”. You’d have a pretty good idea of where to find the gold bars, wouldn’t you? You would realize somebody neglected the awareness. You now know exactly where to poke your nose if your intentions are to breach.
Unfortunately, that’s how many of today’s security apparatuses function. They do a decent job of denying access to unauthorized users. But as proven by the Target, Snowden, G20 Summit, and other famous hacks last year, access limits can be breached. Hackers can “ride along” with legitimate users. When that happens, awareness limits are vital. We like to say, “You can’t hack what you can’t see.” Back to the gold bars building, if you were followed in the door by an intruder but the builders had secured awareness, the intruder would see nothing – no activity, no doors, no signs, no carts. Nothing to see, nothing to attack. When it comes to corporate treasurers or the affluent moving large transactions via mobile, hackers need to be left unaware of the existence of large transactions that they could breach.
The technology exists for that to happen. Endpoints can be cloaked so that there is nothing for hackers to “see”. Widespread adoption of this kind of technology, along with multi-layered access systems will lead the way for mobile to realize its potential with large dollar transactions.
One bank CIO put the matter even more succinctly: “Let’s not wait until we have an adverse event. Already, whether we want them to or not, corporate customers are executing large transactions on mobile. Employees under pressure to help out a customer are going to stretch our policies about mobile. We need to get in front of that, not just hope to contain the fallout when something goes wrong.”