By Gerhard Oosthuizen, CTO at Entersekt
In the “old days” – the days of magnetic stripe cards – a cardholder proved that they were the rightful owner of a card with a handwritten signature at the point of sale. Then came the chip cards, where a PIN number was used for authentication in a card-present context.
In card-not-present situations like online shopping, however, it is much harder to validate a customer’s identity, because they only have to input strings of numbers. To prove that a shopper is the rightful cardholder, another authentication method is required, which often adds friction and frustration to a customer’s online-shopping experience.
But the widespread adoption and computing power of the mobile phone means that a solution might be on hand. Ticking the boxes of security and convenience, the mobile banking app has the potential to become the payment tool of choice.
The rise of the mobile banking app
The use of mobile banking apps has taken time to gather momentum in some markets. A reason often cited is the fear of fraud and identity theft. This is understandable when considering that securing a banking app with a username and password only goes so far in proving that a user is the legitimate banking customer – especially in an era where security breaches and attacks like phishing abound.
So how can a bank reassure its customers that having all their banking information literally in the palm of their hand can be as secure as it is convenient? And that paying with their banking app can be more secure than paying with their debit or credit card?
A matter of trust
It all comes down to trust. Establishing a relationship of mutual trust between a bank and a customer is crucial. It creates a secure foundation from which the bank can offer rich and innovative services, while giving customers the confidence to engage with these services without security concerns.The mobile phone makes all of this possible by means of three key pillars: identity, integrity, and communication.
The first step in establishing a foundation of trust is the notion of identity. Digital certificate technology makes it possible to uniquely identify any registered customer’s mobile phone as well as the banking app that was originally registered on the phone. This means the bank can be certain that they’re communicating with the right person.
Secondly, the bank needs to be sure that neither the customer’s mobile phone nor the messages being sent between the device and the bank have been tampered with. In other words, the integrity of the device, the app itself, as well as the environment in which the app is running, must be proven.
Finally, the bank and the customer need to know that communication is secure and private. This can be achieved through technology that establishes an encrypted communication channel between the bank and the customer’s banking app. Since this is a separate, secure channel, no fraudster can intercept sensitive messages meant for the customer – like authentication requests and responses.
As safe as the banking app
At Entersekt, we believe that with trust as foundation, mobile banking apps can become much more than tools for checking balances. They can become enablers of new forms of banking and commerce that will not only transform the banking industry but will also revolutionise customers’ lives.
Modern technology, such as cloud and mobile technologies, has given banks the opportunity to completely redefine the banking experience for their customers and re-establish personal relationships. Doing so turns the mobile phone into an extremely valuable commodity for customers– a passport to all types of digital experiences without the hassle of unnecessary authentication requirements. A range of banking and payments capabilities can be made available 24/7, from anywhere in the world, in the palm of the customer’s hand. More than that, when a bank has a foundation of trust in place, its app can also be the safest way for customers to transact.
Entersekt is an innovator of mobile-first fintech solutions. Financial services providers and other enterprises rely on its patented mobile identity system to provide both security and the best in convenient new digital experiences to their customers, irrespective of the service channel. Whether pursuing compliance through strong authentication and state-of-the-art app security or looking to meet consumer demand for on-the-go information sharing and payment capabilities, Entersekt’s clients always enjoy a competitive advantage. For more information, visit www.entersekt.com.