
Top 5 approaches to secure your mobile banking app

Here are 5 important factors that should constitute your approach to provide safety and security around your mobile banking app

DQINDIA Online

Digital payments in India have reached an advanced stage of adoption, buoyed by a number of factors including the 2016 demonetization by the Government, followed by a coordinated effort to stimulate digital transactions with UPI, a government-backed, mobile-first, real-time payment platform.


A recent report on digital payments released by BCG and PhonePe Pulse pegs digital payments at 40% of the total payments made during 2021, projected to go up to 65% in 2026. As indicated in the report, the value of digital payments in India will increase three-fold from US$3 trillion today to US$10 trillion by 2026. The report further states that mobile-based financial transactions in India have reached a tipping point and that the next wave of banking solutions will push the mobile payment envelope further, riding on AI and IoT technologies.

Yet mobile security is a growing concern, as evidenced by an increasing number of incidents in recent months. It is important to ensure a robust security system to maintain confidence in mobile payments and sustain the momentum of adoption.

Today, more than eight in ten Indians living in urban areas are using a banking app, according to Forrester Research. Hackers are aggressively pursuing mobile phone users with social engineering strategies, resulting in an exponential increase in hacking incidents. Banks and financial service providers cannot remain passive, as all stakeholders will be affected by security incidents. It is time to aggressively pursue a cyber security strategy that encompasses the mobile device, since hackers are mostly targeting banking and financial services organizations via user devices.


Here are 5 important factors that should constitute your approach to provide safety and security around your mobile banking app.

  1. Controls aligned with RBI compliance: This must be the bedrock of any security approach. Technologies and processes aligned with regulatory guidelines include capabilities like device policy enforcement, anti-malware capabilities, AI-enabled malicious-behaviour analysis, and identification of jailbroken devices and unsecured Wi-Fi.
  2. Protecting the device beyond the perimeter: Even though this is a tricky one, it can be achieved with a diligent approach towards device and network sanitization. The very nature of the mobile enables it to operate outside the ambit of the corporate network, and therefore the banking app or device must be equipped with capabilities that work in the run-time environment to monitor the device and the network. The app by itself should be able to identify abnormal patterns and anomalous behavior with intelligent algorithms and machine learning capabilities.
  3. Combating threat vectors: In an ever-expanding threat landscape, social engineering, mostly accompanied by phishing, is emerging as a top vector in which hackers lure victims by designing personalized offers. While educating users definitely helps, the problem is more challenging on mobiles, as people inadvertently click (because of the small screen size) on links that they normally would not click on a laptop. Device protection can be strengthened with a security application that is equipped with data-leakage-prevention capabilities such as anti-screen-mirroring, anti-SMS-spoofing and AI-based anti-malware features.
  4. Cyber skills: There is a severe shortage of skilled cyber security professionals, with some reports pegging the shortfall at 3.5 million professionals, so partnering with third-party service providers to complement internal security capabilities makes more sense. Focused on a specific line of activity, cyber-security service providers routinely keep abreast of emerging threats and continuously ramp up their combative capabilities.
  5. Customer awareness: Malware accesses a device only when the user performs some activity that triggers it. So, awareness is the single most critical factor in keeping the device safe. Cisco’s 2021 cyber security threat report finds that at least one person clicked a phishing link in 86% of organizations. App providers should take it as their responsibility to educate mobile app users on the general do’s and don’ts.

Mobile-based digital payments have become the norm rather than the exception in India. Life has literally become on-the-go as consumers embrace the digital route to make their routine payments. From grocery shopping to travel, and from entertainment to professional services for home maintenance, everything is available at the click of a finger, which cascades into financial transactions. As people become used to the convenience, the digital advantage cannot be allowed to become a liability due to security incidents. Banks may work in collaboration with cyber security experts to embed mobile apps with a security architecture having robust capabilities. A comprehensive security approach that combines user education with technology capabilities that facilitate governance, controls, compliance, monitoring, prevention and auto-remediation can mitigate risks and strengthen the security of banking apps.

The article has been written by Manish Mimani, Founder & CEO, Protectt.ai
