Security must be equal to feature development if banks are to mitigate risk in mobile services, contends new report
The Risk Mitigation Workgroup of Mobey Forum, the global industry association empowering banks and other financial institutions to lead in the future of digital financial services, is today calling for a mindset change in financial app and digital service design, following the launch of the second and final instalment of its popular Risk Review report.
The wide-ranging report proposes an ISO-compliant approach to the assessment and mitigation of risk in the mobile device environment. This second instalment, published today, reviews measures that banks and financial service providers can implement to mitigate risk throughout the full lifecycle of a mobile financial service (MFS) and gives case study examples of best practices from a variety of stakeholders across the ecosystem.
“One of the biggest challenges in mitigating risks for both developers and providers of mobile financial services is to change their application development mindset,” comments Ron van Wezel, Senior Analyst at Aite Group and Co-Chair of the Risk Mitigation Workgroup. “App development is nearly always ‘feature driven’, working within short timeframes to get the latest and greatest ideas into the hands of customers. This can lead to security being deprioritised to reduce time-to-market. If MFS providers genuinely want to mitigate risks, this attitude needs to change: security should be an equal driver to features. It needs to be addressed in the full life cycle of MFS development.”
The Risk Review provides an overview of cutting-edge risk mitigation measures for banks and other key MFS stakeholders, including, among others, application integrity, data protection, customer security awareness, transaction authentication, tokenisation and anti-reverse engineering.
Phillipe Roy, IT Security Specialist at Danske Bank and Co-Chair of the Risk Mitigation Workgroup, comments: “Many risk mitigation measures ultimately rely on customer awareness and education. Research has shown that many smart phone users still are reluctant to take steps to protect their own devices, even when educated about the risks. While there clearly needs to be a focus on mitigating and reducing risks as much as possible, it needs to be done in a way that does not alienate customers or restrict the user experience of the MFS. Putting emphasis on security right from the start of the development phase will play a big part in achieving this.”
“Today’s technologies offer many promising solutions to combat fraud and reduce risk in MFS, but it’s important to remember that criminals make use of these too,” adds Maikki Frisk, Executive Director, Mobey Forum. “Adoption rates for financial services apps are increasing rapidly, as is the sophistication of the apps themselves. This is great news, but underlines why MFS providers need to remain on continuous watch, maintaining and deploying the best systems and processes available, and promoting both a company and customer culture that has vigilance at the centre.”
The Risk Review provides examples of best practice through a range of anonymised case studies from several international and domestic banks, together with a payment service provider, a credit union and a large insurance provider.
The report is available to download free of charge from the Mobey Forum website.