Why mobile banking and consumer messaging apps should never mix

31 January, 2017 by Ouriel Weisz

In an age of contactless card payments and the ubiquitous smartphone, mobile banking apps are taking off.

Recent research from ING suggests up to 50% of all phone owners in Europe are now managing their money via their handsets.

The study, which interviewed 15,000 people across 13 European countries as well as the US and Australia, showed a year-on-year rise of 6%.

According to KPMG, the number of mobile banking users globally is forecast to double to 1.8 billion over the next four years.

Banks under fire

Banks will always be a prime target for cyber-attacks. Some of the latest attacks in the news have proved ominously effective.

When hackers managed to steal £2.5m from 9,000 customers at Tesco Bank in November last year, the UK’s Financial Conduct Authority described it as “unprecedented.”

Even more recently, a DDoS attack against Lloyds Bank resulted in three days of disruption.

Such incidents have prompted one leading expert to warn that a major bank will fail as a result of a cyber-attack in 2017, leading to a loss of confidence and a run on that bank.

App attack

Undeterred, leading traditional banks as well as newcomers are racing ahead with offerings aimed at the growing market for mobile banking services.

US institutions Credit Karma, Chase Mobile, Bank of America, Wells Fargo and PayPal are among those leading the way.

Of course, cybercriminals have wasted no time following the money.

Research by RiskIQ examined 350,000 banking-related Android apps. The study revealed that about 11% contained malware or suspicious binaries, as identified by a consortium of 70 antivirus suppliers.

Stories like this do nothing to win over a sceptical public’s trust in mobile banking apps.

According to the Federal Reserve, some 42% of mobile phone owners think mobile banking puts personal information very or somewhat at risk. A further 15% admit they simply cannot be sure.

Another study, this time from MyBankTracker.com, puts the proportion of respondents who trust “mobile technologies for their banking needs and financial transactions” as low as 6%.

Pressing ahead regardless

Against this backdrop, it is slightly surprising to learn that some banks are already exploring ways to take things a step further.

One idea is to tie up with popular consumer instant messaging services to communicate directly with customers.

For example, Bank of America was one of a dozen companies to signal support for Facebook’s Messenger application at its F8 developer conference last year.

So far, the plan is to connect with customers via the Messenger app to notify them of important alerts and communications in real time.

Other initiatives include allowing Facebook users to transfer money to friends free of charge via Messenger.

Bad idea

If the whole thing sounds risky, well, it almost certainly is!

Facebook Messenger added its cash transfer capability in 2015 as a convenient way for friends and family to make small payments to one another.

The app has minimal security. Transactions are not monitored or validated.

Set-up requires that you register your debit card information with Facebook. Moreover, the terms and conditions make it clear the owner is liable for any charges related to insufficient funds or if the payment is rejected for some other reason.

In short, it’s a fraudster’s dream.

One phishing email purporting to be from a friend or relative might be all it takes to persuade a victim that there is an emergency and to send money quickly.

Facebook Messenger is a consumer app. Without a major security overhaul it can have no place in banking or any other enterprise.

Security built-in by design

Fortunately, a mobile-oriented group messaging and collaboration platform like NURO can provide a safe, encrypted transfer medium for banks to feed their mobile payment services into.

NURO has enterprise-class security built-in by design. It also has a wide range of APIs for institutions to readily connect their mobile banking apps to.

In building out their mobile banking apps with NURO, banks benefit from seamless service integration with their own authentication systems.

It allows them to offer customers a completely safe and private service for all transactions, thereby eliminating any risk of phishing fraud.

The platform also enables banks to stay compliant with regulations. Details of all transactions are stored on the bank premises in an encrypted virtual vault.

This vault may be accessed, and the stored information decrypted, so that authorized parties such as auditors can make compliance checks.

In summary, use of mobile banking apps is growing rapidly. Intense competition in the sector will ensure apps will continue to be developed. The end-user will be spoilt for convenience and choice.

But wherever there is money, the fraudsters will follow.

Mobile banking is safe so long as smartphone owners can take appropriate precautions to avoid scammers and banks have enough control over transactions to ensure they stay compliant.

Connecting a mobile banking app with a secure, enterprise mobile messaging app is the ideal way to do this.