Security must be equal to feature development if banks are to mitigaterisk in mobile services, contends new report
18th May 2017 – The RiskMitigation Workgroup of Mobey Forum, the global industry association empoweringbanks and other financial institutions to lead in the future of digitalfinancial services, is today calling for a mindset change in financial app anddigital service design, following the launch of the second and final instalmentof its popular Risk Review report.
The wide-ranging report proposes anISO-compliant approach to the assessment and mitigation of risk in the mobiledevice environment. This second instalment, published today, reviews measuresthat banks and financial service providers can implement to mitigate riskthroughout the full lifecycle of a mobile financial service (MFS) and givescase study examples of best practices from a variety of stakeholders across theecosystem.
“One of biggest challenges in mitigating risksfor both developers and providers of mobile financial services is to changetheir application development mindset,” comments Ron van Wezel, Senior Analystat Aite Group and Co-Chair of the Risk Mitigation Workgroup. “App developmentis nearly always ‘feature driven’, working within short timeframes to get thelatest and greatest ideas into the hands of customers. This can lead tosecurity being deprioritised to reduce time-to-market. If MFS providersgenuinely want to mitigate risks, this attitude needs to change: securityshould be an equal driver to features. It needs to be addressed in the fulllife cycle of MFS development.”
The Risk Review provides and overview of cutting-edge risk mitigation measures for banksand other key MFS stakeholders including, among others, application integrity,data protection, customer security awareness, transaction authentication,tokenisation and anti-reverse engineering.
Phillipe Roy, IT Security Specialist at Danske Bank andCo-Chair of the RiskMitigation Workgroup comments: “Many risk mitigation measures ultimatelyrely on customer awareness and education. Research has shown that many smartphone users still are reluctant to take steps to protect their own devices,even when educated about the risks. While there clearly needs to be a focus onmitigating and reducing risks as much as possible, it needs to be done in a waythat does not alienate customers or restrict the user experience of the MFS.Putting emphasis on security right from the start of the development phase willplay a big part in achieving this.”
“Today’s technologiesoffer many promising solutions to combat fraud and reduce risk in MFS, but it’simportant to remember that criminals make use of these too,” adds Maikki Frisk,Executive Director, Mobey Forum. “Adoption rates for financial services appsare increasing rapidly, as is the sophistication of the apps themselves. Thisis great news, but underlines why MFS providers need to remain on continuouswatch, maintaining and deploying the best systems and processes available, andpromoting both a company and customer culture that has vigilance at thecentre.”
The Risk Review provides examples of best practicethrough a range of anonymised case studies from several international anddomestic banks, together with a payment service provider, a credit union and alarge insurance provider.
The report isavailable to downloadfree of charge from the Mobey Forum website.
