The 4 Essential Mobile App Security Tips for Banks and Financial Institutions


Although it is only mid-November at the time of writing, the holiday season, and the shopping rush it brings with it, is almost upon us. That is, of course, if it isn’t already here.

Whether your enterprise, bank, or financial institution is customer-facing or business-facing, you need to prepare your network’s identity security solutions and policies to face the increased traffic and customer-client demands the holidays bring.

Indeed, with so many customers making large purchasing decisions—either for their personal shopping needs or to prepare for the 2019 business year—having your authentication protocols performing optimally is essential.

Not only will a smooth authentication procedure enable a seamless customer experience conducive to your conversion rates, but it will also provide the security your enterprise needs to avoid a costly data breach.

Of special importance to both identity authentication and the holiday seasonal rush is mobile app security. More and more consumers and employees are conducting the majority of their purchasing decisions on a mobile device and via mobile applications: a Google Analytics study found 40% of online transactions occurred on a mobile device. Without mobile app security for your business, you could risk this significant portion of your revenue, in addition to your online reputation.

So how can your enterprise, bank, or financial institution prepare for this seasonal onslaught of authentication demands?

Will LaSala, Director of Security Solutions and Security Evangelist for OneSpan, provides his “Mobile App Security Check List” so banks, financial institutions, and customer-facing businesses can prepare for the upcoming holiday rush and subsequent authentication pitfalls:  

  1. All mobile applications, including shopping and retail apps, should be able to protect themselves in untrusted device environments. In order to defend any type of mobile app against sophisticated malware, we recommend that they are protected using application shielding technology. This technology prevents attackers from injecting malicious code into an app and repackaging it for distribution in unofficial marketplaces or websites. This technology is also context-aware so that if a user’s Android device is rooted or allows for side-loaded apps and is potentially infected with malware, the app itself is still protected.
  2. Focus on implementing strong, user-friendly multi-factor authentication. Financial institutions should turn to the latest available adaptive authentication technology that can analyze and score hundreds of user, device, and transaction data in real-time to determine the precise authentication requirements for each transaction. This level of intelligence ensures the best possible customer experience, while safeguarding transactions and customer data.
  3. Stay compliant with industry standards. Ensuring your mobile app is compliant with industry standards for mobile security will help keep you secure from the latest threats and vulnerabilities. PCI-DSS is one example of a compliance mandate for banks with cards and is administered by the Payment Card Industry Security Standards Council.
  4. Training and communication to customers is key to any successful security plan. As social engineering and phishing attacks continue to rise, customers should know how to spot fraudulent e-mails directing them to click on suspicious links and open unidentified attachments. Being able to stay on top of the latest trends for security and keeping your customers up to date on those trends is also important.



Thank you to Will LaSala of OneSpan for his time and expertise on mobile app security! OneSpan is a mobile app security, e-signature, and authentication solution provider.  

Ben Canner

Ben Canner is an enterprise technology writer and analyst covering Identity Management, SIEM, Endpoint Protection, and Cybersecurity writ large. He holds a Bachelor of Arts Degree in English from Clark University in Worcester, MA. He previously worked as a corporate blogger and ghost writer. You can reach him via Twitter and LinkedIn.