Connect with us

Global Banking and Finance Review is an online platform offering news, analysis, and opinion on the latest trends, developments, and innovations in the banking and finance industry worldwide. The platform covers a diverse range of topics, including banking, insurance, investment, wealth management, fintech, and regulatory issues. The website publishes news, press releases, opinion and advertorials on various financial organizations, products and services which are commissioned from various Companies, Organizations, PR agencies, Bloggers etc. These commissioned articles are commercial in nature. This is not to be considered as financial advice and should be considered only for information purposes. It does not reflect the views or opinion of our website and is not to be considered an endorsement or a recommendation. We cannot guarantee the accuracy or applicability of any information provided with respect to your individual or personal circumstances. Please seek Professional advice from a qualified professional before making any financial decisions. We link to various third-party websites, affiliate sales networks, and to our advertising partners websites. When you view or click on certain links available on our articles, our partners may compensate us for displaying the content to you or make a purchase or fill a form. This will not incur any additional charges to you. To make things simpler for you to identity or distinguish advertised or sponsored articles or links, you may consider all articles or links hosted on our site as a commercial article placement. We will not be responsible for any loss you may suffer as a result of any omission or inaccuracy on the website. .

Technology

SEVEN STEPS TO BUILDING SECURITY INTO YOUR FINANCIAL SERVICES APP

Adam Fleming CTO

Adam Fleming, CTO of Apadmi

The growth of smartphones and tablets has opened up a hugely diverse platform for financial mobile applications. With more and more apps entering the market and rapidly becoming the preferred means to conduct trades and transactions, it has never been more important to make sure that mobile applications offered by a financial institution are safe, secure and appropriately reflect the brand values of that institution.

Adam Fleming CTO

Adam Fleming CTO

It is vital that any mobile application upholds the trust and security which underpin the relationship between the investor or customer and the financial institution. Here are seven steps that will guide you to ensure your financial mobile app is safe, secure and improves this relationship:

1. Planning
The first thing to consider is what you want your mobile app to do for your customers and business. Plan a roadmap for your app and then spend time identifying the security risks at each point.

2. Which device do your customers use?
Different smartphones run on different operating systems (or platforms) each providing slightly different services for different users. Deciding whether your app will support Apple iOS, Android, BlackBerry or WindowsPhone devices will be the first decision you need to make.

Your app developer should be able to look at your roadmap and help determine which mobile platform(s) are most appropriate based on the functionality and your user demographics.

3. Device-level security
Mobile phones are inherently insecure devices – they fall out of pockets, get left in taxis and get stolen. The implications of this are that the device is an insecure part of the security chain and additional requirements must be placed on any mobile app dealing with sensitive information.

Perhaps the simplest countermeasure to these threats is to ensure that sensitive information is never stored on the device. This can work very well as certain types of information, such as credit card details, should never be stored on a mobile device. However it can also massively compromise user experience.

For example, an app would be more secure if it required the user to enter a long username and password and then 3 or 4 further pieces of information on each login, but it would also lead to users abandoning the app.

In the majority of cases, it is impossible to get away from the need to store some sensitive information on the device, so this should always be minimal and encrypted. Where encryption is used, it is vital to ensure that it is also used in any backups made of the device.

4. User Identification

Figaro App

Figaro App

Although it is reasonable from a user-experience perspective to have some degree of association between the application and an account, it’s important to ensure that the user is who you think they are, by requiring a password or pin-code.

It’s also essential to consider that while mobile phones tend to be personal devices, tablets are frequently shared between multiple people. If your application is going to be used on tablet devices, spend some time considering how to handle the multi-user scenario and the implications this has for security.

5. Privilege Partitioning
The basis of privilege partitioning is to associate different functionalities within the app with different levels of privilege. This means that certain low-risk areas of an app, for example accessing an area that grants access to statements may require the user to re-enter the password – which would allow them access for 30 minutes. Performing a trade though, could require the re-entry of the password, plus a pin-number and only allow access for 5 minutes.

The number of different privilege levels needed, and the mechanisms for moving between them can be customised to the requirements of the financial institution and balanced against the user-experience required within the application.

6. Connectivity and Endpoints
Providing services over the Internet is a well-understood space and there are many technologies already available to help make this simple and secure – primarily HTTPS, public key infrastructure and certificate management. The good news is that virtually all of these technologies are supported by mobile platforms directly.

That said, a mobile device – particularly one connected over a cellular-radio network (such as 3G) should be considered to be a “partially connected” device. This means there is a possibility that connectivity between the device and the back-end may drop – particularly if the user is travelling by road or rail. This can place additional requirements on the endpoints exposed from within the financial institution.

It’s also worth mentioning that the link to a mobile device is likely to be low- or variable-bandwidth, so any communications between the device and the back-end need to be as small as possible.

7. User Experience

It has often been said that an application is only as good as its interface and this is especially true for financial apps. A mobile app in the finance space must absolutely reflect the institution’s design, values and branding to reassure the user that it is part of its portfolio.

It should extend your corporate brand onto a device which is implicitly trusted by the user – the challenge is to make sure that the experience is good and that you can build upon that trust. The more you can do to deliver the feeling of what it’s like to do business with your institution to the app, the better it will be received.

If you would like the full report produced by Apadmi called, ‘Building Security into Mobile Financial Services Apps’ which includes further insights into the security issues of financial mobile apps, download the whitepaper.

Whether you need help with a new financial application, project that is going off track, want to discuss the scope or feasibility of a new project or if you need help with the full design, development and delivery of your app, contact Apadmi and we can talk in more detail about how we can help you.

Apadmi has been developing secure, robust and intuitive mobile apps for over 15 years in all industry sectors including financial, healthcare, enterprise and consumer. We initially helped to create several apps for the very first smartphone, the Ericsson R380, way back in 1998. Since then we’ve successfully launched a multitude of apps for banking, payment and stockbroking companies such as JHC, AJ Bell and Proxama.

This wealth of experience has given us an in-depth understanding of mobile technology, enabling us to advise customers on their mobile plans and help them to create innovative and intuitive mobile apps and server solutions.

About the Author
Adam Fleming has been working in the mobile industry since the early days of 3G networks, and has experience in areas ranging from core-network hardware through to mobile handset device drivers, middleware and applications. As CTO of Apadmi, Adam focuses on technology and the opportunities it presents for Apadmi and their clients.

About Apadmi
Apadmi are the experts in mobile technology who create exceptional, brand led mobile experiences that inspire businesses and end consumers alike. They are a 55 strong team who deliver and strengthen brand advocacy and engagement by creating robust, reliable and intuitive mobile apps and server solutions and have been doing so for the past 15 years.

Apadmi pride themselves on delivering integrated apps and server solutions as part of a comprehensive and professional end-to-end service. Since their formation in 2009 they have delivered over 100 innovative apps and server solutions to a diverse and impressive range of clients such as BBC, the X Factor, the British Museum, the Guardian, BT, Skyscanner and Aviva. They work across all mobile platforms (iOS, Android, BlackBerry, Windows Phone & HTML5) and industry sectors to create immersive experiences for some of the most recognised brands in the world.

For more information about Apadmi, see www.apadmi.com

Global Banking & Finance Review

 

Why waste money on news and opinions when you can access them for free?

Take advantage of our newsletter subscription and stay informed on the go!


By submitting this form, you are consenting to receive marketing emails from: Global Banking & Finance Review │ Banking │ Finance │ Technology. You can revoke your consent to receive emails at any time by using the SafeUnsubscribe® link, found at the bottom of every email. Emails are serviced by Constant Contact

Recent Post