Nowadays banks allow their customers to conduct financial transactions from anywhere in the world using a mobile device such as a smart phone or tablet. This service is known as mobile banking and utilizes software called an app provided by the bank itself. In recent times, the popularity of mobile banking has grown by leaps and bounds due to the convenience and flexibility that it offers to customers. The potential of this technology is immense and so are the risks associated with it.
A Juniper Research study says that 400 million individuals performed a mobile banking transaction in 2013. It is a surprise however that despite this incredibly large number of transactions, many customers have security concerns and doubts about the robustness of the mobile banking platforms. This is mostly due to the rising rates of cyber-crimes that includes activities such as identity theft and fraudulent transactions. It is therefore a top priority of banks to adopt robust authentication methods that would enable them to guarantee the highest level of security for every transaction.
Fingerprint technology is one such authentication mechanism that allows only the authorized individuals to use mobile banking services. This article will focus on the current risks associated with mobile banking and how the adoption of fingerprint biometrics can help to overcome them.
What are the risks in mobile banking?
It is no doubt that the introduction of mobile banking is revolutionizing the way we perform financial transactions. A recent Accenture survey points out that even though 52% of North Americans are extremely aware of mobile payments, only 18% of them use it on a regular basis. The primary challenge that stands in the way of mobile banking is the absence of accurate and reliable customer authentication techniques.
Mobile users should be conscious of the fact that mobiles have evolved from being ordinary telephones to pocket-sized computers. It is therefore obvious that mobiles should be protected in the same way as personal computers. Malware that specifically target mobile devices such as Trojans, viruses, spyware etc. are a very real and prominent threat.
Poor app design and configuration
Every mobile platform has unique characteristics that should be taken into consideration during app development. Otherwise, vulnerabilities might be left open for fraudsters to exploit. Third party apps expose users to a variety of risks as they leverage credentials from other applications and may also have a weak security in place. Shopping apps for instance can leverage a user’s banking login information (username and password) to access his or her bank’s services and facilitate a transaction.
Lost mobile phone
The current mobile banking authentication mechanisms such as passwords cannot assure any safety if the user loses his or her mobile phone. For example, in a worst case scenario if the customer stored his or her password in phone for reference, then an unauthorized person would be very easily able to access his or her account.
Why do current authentication methods fail to provide the requisite security?
The current mobile payment authentication methods involve the utilization of a username and password combination, PIN number, tokens and security questions. However, security still remains an issue as proper identification of the authorized user is lacking in this current mechanism. This scheme is based on entering a correct password but it has no way of knowing if the authorized user is making the transaction.
Hackers these days are tech-savvy and can easily get access to user’s information such as password and PINs. Customers sometimes are even unaware that their information has been compromised until fraudulent transactions show up. It is important to prevent these hacker attacks as such security failures reduce the customer’s trust in mobile banking.
The core problem with current mechanisms is they validate a user’s financial transaction based on something the user knows or something he or she possesses. As passwords and PINs can be stolen or shared, they are unable to provide a secure authentication mechanism that can assure reliable communication between the user’s mobile device and the bank’s system.
Data breaches due to these inefficient authentication methods are costing banks and financial amounts huge amounts of money. A survey conducted by the Bureau of Financial Institutions found that the losses due to data security breaches amounted to over $2.1 million for 75 banks and credit unions. This is a significant loss and banks are pressurized to move from traditional authentication methods towards a more impenetrable system. This has put the focus on the newest security enhancing features for mobile phones i.e. fingerprint biometrics.
How does fingerprint identification work to overcome the current security loopholes?
Fingerprint identification has been around for quite some time now and it is not a new thing for notebook and desktop computers. But it became a big thing on mobile with the introduction of integrated fingerprint scanner in Apple iPhone 5S. The scanner was integrated into the phone’s home button and fingerprint authentication is now a part of the iOS operating system.
Mobile apps are supposed to be fast, easy to use and responsive. But when it comes to banking apps, the main feature is security. After the announcement of fingerprint authentication in iPhone 5S, other smartphone manufacturers followed suit and now fingerprint authentication is the newest security enhancing feature on most smartphones.
With this authentication mechanism, users can access the secure features of their phone simply by scanning their fingerprint on the home button. The fingerprint is securely stored within an encrypted section of the phone. When the user’s finger touches the home button, this fingerprint is compared to the stored template on the phone and then the user is either granted or denied access.
Compared to passwords, fingerprint identification provides guaranteed security and greater convenience to users. Customers will never forget to carry their fingers with them as it is a part of their being. Fingerprints thus acts as the perfect password that nobody can guess nor can they steal. Moreover, the users will always have it on them. It is as simple as unlocking a phone and the customer is simply one scan away from quickly logging into his or her mobile banking account.
How does fingerprint identification work?
There are two methods that the Touch ID sensor employs for reading a fingerprint. It utilizes a capacitive sensor to detect the small electrical charge given off by the user’s skin. This is the same technology that is used by a touchscreen to detect finger taps. It also utilizes a radio frequency scanner for reading the fingerprint pattern on the living tissue that is beneath the top layer of the user’s skin. This layer is readable only when living which means a spoof or a dead finger won’t work. Thus it ensures that only the authorized individual will be able to access the phone.
What are the advantages of using fingerprint authentication to secure mobile banking?
Governments and law enforcement agencies have been using biometric identification since a very long time and it has proven to be extremely useful in data tracking. In mobile banking, fingerprint technology increases authentication accuracy by ensuring that only the right individual will have access to the right information.
Guaranteed safety and security
Hackers stealing their customer’s personal information is the main concern of banks. Fingerprint identification protects customer’s credentials from being stolen as fingerprint is unique to each user with the added advantage that it can neither be shared, duplicated or stolen.
Assures privacy of customers
The banks themselves never maintain caches of the customer’s actual fingerprints. Rather they use an algorithm to create and store templates or complex numerical sequences based on the scan of the user’s fingerprint. It is not possible to reconstruct the original fingerprint pattern from the stored template.
The implementation of fingerprint technology will help banks to reduce financial losses that arise from weak password management. It will save on financial losses by preventing data breaches from occurring.
Ease of use
Fingerprint identification fulfills customer’s expectations by offering great convenience and a seamless user experience. Forgotten or mistyped passwords along with even fewer password attempts results in the user’s account getting lock and spoils the mobile banking user’s experience. It is a fact that customer’s will not use a functionality if it’s not easy to use. This is the reason why fingerprint authentication is becoming rapidly popular for mobile banking due to its ease of use.