eLearningClasses.com
Editorial & Advertiser Disclosure Global Banking And Finance Review is an independent publisher which offers News, information, Analysis, Opinion, Press Releases, Reviews, Research reports covering various economies, industries, products, services and companies. The content available on globalbankingandfinance.com is sourced by a mixture of different methods which is not limited to content produced and supplied by various staff writers, journalists, freelancers, individuals, organizations, companies, PR agencies Sponsored Posts etc. The information available on this website is purely for educational and informational purposes only. We cannot guarantee the accuracy or applicability of any of the information provided at globalbankingandfinance.com with respect to your individual or personal circumstances. Please seek professional advice from a qualified professional before making any financial decisions. Globalbankingandfinance.com also links to various third party websites and we cannot guarantee the accuracy or applicability of the information provided by third party websites. Links from various articles on our site to third party websites are a mixture of non-sponsored links and sponsored links. Only a very small fraction of the links which point to external websites are affiliate links. Some of the links which you may click on our website may link to various products and services from our partners who may compensate us if you buy a service or product or fill a form or install an app. This will not incur additional cost to you. A very few articles on our website are sponsored posts or paid advertorials. These are marked as sponsored posts at the bottom of each post. For avoidance of any doubts and to make it easier for you to differentiate sponsored or non-sponsored articles or links, you may consider all articles on our site or all links to external websites as sponsored . Please note that some of the services or products which we talk about carry a high level of risk and may not be suitable for everyone. These may be complex services or products and we request the readers to consider this purely from an educational standpoint. The information provided on this website is general in nature. Global Banking & Finance Review expressly disclaims any liability without any limitation which may arise directly or indirectly from the use of such information.

The next generation of security in mobile banking – Paul Way, Nuance

The purpose of mobile banking is to make banking more convenient for customers. As competition in the UK retail banking industry continues to build, customer experience will become increasingly important as a differentiator within the market. Mobile banking should form a major part of that change but, even as the majority of large banks expand the scope of their mobile banking programmes, so the escalating arms-race with the fraternity of hackers and cybercriminals threatens these improvements. However, banks need to strike the right balance by ensuring customers are protected, while still providing them with the convenience of mobile banking.

Paul WayIn terms of the security/convenience trade-off that the user must make when choosing their password, mobile banking is as vulnerable as the desktop and perhaps even more so. The USB card reader, so effective in combating keystroke-logging software, would detract significantly from the convenience of mobile banking. Similarly, the randomised split password is rendered useless if the same password has been used to login to another service, and has become known to fraudsters. Furthermore, a password of sufficient complexity to be useful is always going to be relatively difficult to remember; and since almost all smartphones have a relatively cramped keyboard, the temptation is always to choose a shorter, simpler password which does not involve switching to the ‘shadow’ keyboard.

Until recently, mobile security did not loom particularly large in the minds of security officers, as the percentage of smartphones infected with malware was much smaller than that of PCs. However, cyber-criminals are now very much aware of the opportunity that mobile banking affords them, and Android malware is now beginning to make its presence felt on the market. As the percentage of retail banking customers using mobile banking continues to climb, we will only see more of this, and we are certain to see malware targeting other operating systems as well. As criminals become increasingly sophisticated, and customers demand the slickest experience possible, it becomes clear that we need a new approach to security in mobile banking.

Options are relatively limited, but biometrics offers the greater possibilities, as customers cannot lose or forget their biometric characteristics. Similarly, they cannot be copied or compromised and, as the biometric reference and verification engine can be hosted in the cloud, a hack of any description on a customer’s device would not be capable of compromising the system. The problem with conventional biometric verification systems has historically been hardware – smartphones’ touchscreens are not sensitive enough to read a fingerprint accurately, nor are front-facing cameras good enough to resolve an iris pattern in the necessary detail. Another challenge is that no matter how secure the information may be, the general public are simply not used to having biometric details such as fingerprints and iris scans recorded in this way.

Most people, however, are used to having their voice recorded (“this call may be recorded for training and security purposes”), and the voice is as unique a biometric characteristic as the iris, the fingerprint, or any other part of the body. Moreover, all smartphones have a microphone able to record a voice sample for biometric analysis and, as the actual data in an audio sample is considerably less than in an image, it is much more suitable for processing on a remote computer. At Nuance, we’ve been providing voice biometrics for use in telephone banking for some time, with both Barclays Wealth and Investment in the UK, and Bank Hapoalim in Israel using voice biometric analysis for customer ID and verification. Because the processing takes place in the cloud, the user-facing ‘front-end’ of the technology is relatively simple, and can be made available as a developer plugin (such as Nuance’s Nina), which can be added in to the appropriate part of any app. For example, organisations such as USAA in the US are pioneering the use of voice-controlled personal banking assistants in retail finance, but the logical next step is to add in voice biometric verification as a seamless part of the user-experience.

This also means that it can be used to secure other banking services that the bank may provide through a mobile platform. For example, banks that provide insurance for their customers can control the security of purchases and claims by handling them through their own app and verifying them with (biometric) security credentials which they control and maintain. In this way, a bank can deal with the security flaws that come from an externally managed insurance offering, by tying together a customer’s identity, bank details and additional services in a manner that is much more secure than knowledge-based credentials, and which cannot be compromised by those attempting to use fraudulent identities. In addition, failed logins can be captured and recorded, in order to identify and tackle repeated attempts at fraudulent activity – such ‘black-list’ information can then be shared within the industry.

Voice biometric security offers an opportunity to adopt a technology that will take us more than just the one step ahead of the criminals, and which offers significant customer experience benefits as well. For a generation that is coming to see the smartphone as the primary access point to all online services, both of these factors will become increasingly important over the next few years.

Paul Way is Director, UK, at Nuance Communications