The Competition and Markets Authority (CMA) has announced changes in the banking industry that will enable customers to access the details of their entire finances through a single mobile phone app by 2018, raising inevitable security concerns. Not only will banks have to bolster security within their mobile banking applications, but they will also need to make sure that everyone within the supply chain meets the security requirements for these big changes in service provision, in order to mitigate the security risks. This is according to Phil Bindley, CTO of The Bunker.
Under the new rules some of the UK’s biggest banks will be mandated to provide the same services they offer in branches on mobile banking applications, including loans, mortgages and information on their accounts. The immediacy of transactions presents benefits in terms of end user experience. However, the risks of this approach are inarguable, reinforced by Barclays’ security chief who recently spoke out about the increasingly professional approach cybercriminals are adopting. Banks and financial institutions must start taking the measures needed to bolster their application security now and adopt a diligent approach when doing so.
Phil Bindley, CTO of The Bunker explains: “Undoubtedly, hackers that target financial institutions are more professional than they once were and cybercriminals will use any means possible to achieve their aims. It used to be that risks to banks existed in the form of someone with a gun entering the establishment and stealing the money. From a risk perspective, the gun has now become a mobile device as this is going to have access to the banking system in some way, shape or form. Banks may want to push back against the deadline. The challenge is to remain agile so they can adapt to the growing mobile trend, whilst also maintaining control of their data by determining where it is, how it is stored, who has access to it and how they access it.
“Newer forms of authentication, such as voice recognition technology, have started to become more widely adopted. Although more complex, biometric technology is still relatively immature so it is not inconceivable that these solutions are fallible. Most notably, once a thief gets hold of this personal information it cannot be changed. Individuals can change their password, their pin and get a new bank card, but it’s impossible to change your iris, fingerprint or voice. Therefore, if banks and other institutions are going to use these new means of authentication they have to be 100 per cent confident that no one will ever be able to steal and replicate that information.
“With hackers becoming increasingly advanced in their techniques and as the demand for mobile technology increases, what’s important is to address internal and external threats by looking at everything through the lens of data security. This is the first step, and arguably the most important, if banks have any chance of matching user demand whilst also meeting security requirements. It’s essential to have the right people, processes, technology and most importantly culture within an organisation in order to protect the business. What’s more, banks must effectively oversee all aspects of their outsourcing arrangements and ensure that they appoint a Cloud Service Provider that offers the utmost cyber resilience and transparency,” concludes Bindley.