IBS Journal March 2018

orderForm.title

orderForm.productCode

orderForm.description

orderForm.quantity

orderForm.itemPrice

orderForm.price

orderForm.totalPrice

orderForm.deliveryDetails.name

orderForm.deliveryDetails.accountNumber

orderForm.deliveryDetails.phone

orderForm.deliveryDetails.poNumber

orderForm.deliveryDetails.email

orderForm.deliveryDetails.companyName

orderForm.deliveryDetails.billingAddress

orderForm.deliveryDetails.deliveryAddress

orderForm.deliveryDetails.deliveryDetailsDeliveryAddressSameAsBillingAddress

orderForm.deliveryDetails.address1

orderForm.deliveryDetails.address2

orderForm.deliveryDetails.city

orderForm.deliveryDetails.state

orderForm.deliveryDetails.postCode

orderForm.deliveryDetails.country

orderForm.deliveryDetails.additionalInformation

orderForm.noItems

IBS Journal March 2018

25

to allow for optimum uptake by a diverse user base. “By making authentication possible by a range of security techniques, such as PINs, fingerprints, or selfies, customers can choose what works for them and what they are most comfortable with,” he says.

Step up to the plate

Even if secure entry is enabled for the customer, it’s also an institution’s responsibility to ensure that its apps are inherently safe from hackers, malware and other cyberattacks. A 2017 IBM study indicated that 58% of security experts at financial institutions ranked mobile concerns as a risk

features, but for the user experience to be simple and for the security to be water-tight.

“Banks and financial service providers have invested a lot of money and time in their digital transformation, as have all their rivals,” says Hendrickse. “The good news is that investment in digital transformation will help retain and attract new customers. The bad news is that customers will find it increasingly easy to switch banking providers as onboarding times decrease. So, while security has always been important, getting it wrong now will have consequences beyond bad press and potential fines.”

To retain customers, says Hendrickse, banks “need to be transparent” about how they keep data safe and protect their customers. “To complement this, they also need to provide their own education on phishing and malware in order to protect those customers that are not quite security-savvy,” he says. If they are to use mobile banking, customers not only need to be safe, they need to feel safe.

A bank’s customer base cannot be wholly pinned down. Users will always be of different ages, technological abilities and opinions on security. “It’s important to remember that the first ATM was installed in the UK more than 50 years ago, meaning that consumers have been engaging with banking technology for a long time,” says Hendrickse. Authentication should be made available via a variety of techniques,

service providers have invested a lot of money and time in their digital transformation, as have all their rivals

“ Banks and financial

indicator inhibiting their organisation’s full deployment of a mobile security strategy.

Similarly, research performed by the University of Birmingham in the UK discovered that although banks had been meticulous in building security into their apps, one particular technology used – so-called “certificate pinning” – meant that standard tests failed to notice a serious weakness that could let attackers take control of a victim’s online banking and mobile banking accounts. The problems mount when you consider that a user could be connected to unsecure WiFi hotspots or surfing suspect websites on the internet and downloading malware payloads – it’s something banks cannot legislate for, yet must be prepared to defend against.

Tests by Accenture and NowSecure, performed in April 2017, found that of 465 apps tested, 9% had small security issues, 10% had medium issues and 2% large issues. In total, three-quarters of the apps tested (on Android phones) passed without incident. The researchers concluded that banks have become sufficiently proactive in tackling well-known critical security issues such as Heartbleed, MITM and others.

Although you’d be hard-pressed to find a bank that doesn’t offer a mobile app in 2018, a vast majority of them still require a paper-based application system to gain a bank account. Hendrickse cites research from analyst firm PAID Strategies, which revealed that the majority of banks, especially traditional banks, still require consumers to go through manual processes such as visiting a branch rather than using digital identity technology to onboard applicants. According to the report, only two of nine banks surveyed allowed for 100% digital on-boarding, with identity verification remaining a manual process in most cases.

As Hendrickse says: “Until banks offer a fully-digital mobile banking experience, using digital identity services and biometrics, they can’t claim to be truly offering what the customer needs.”

www.ibsintelligence.com

martin-dm / iStock

Page 1 | Page 2 | Page 3 | Page 4 | Page 5 | Page 6 | Page 7 | Page 8 | Page 9 | Page 10 | Page 11 | Page 12 | Page 13 | Page 14 | Page 15 | Page 16 | Page 17 | Page 18 | Page 19 | Page 20 | Page 21 | Page 22 | Page 23 | Page 24 | Page 25 | Page 26 | Page 27 | Page 28 | Page 29 | Page 30 | Page 31 | Page 32 | Page 33 | Page 34 | Page 35 | Page 36 | Page 37 | Page 38 | Page 39 | Page 40 | Page 41 | Page 42 | Page 43 | Page 44 | Page 45 | Page 46 | Page 47 | Page 48 | Page 49 | Page 50 | Page 51 | Page 52