An advisory from the regulator the Competition and Markets Authority (CMA) is pushing banks to offer customers access to their data through shared smartphone apps.
Opening the UK banking sector up to a system that allows customer data to be shared via smartphone apps is a shockingly bad idea, according to Lee Munson, Security Researcher at Comparitech.com.
He said: “Security of mobile devices poses a massive challenge to enterprises; individuals are largely more prone to making mistakes, installing malware and generally using their handsets in a way that will put any data held on them a very short distance away from those who would steal and use it for malicious purposes.
“Thus it should be for the banks, regulators and government to protect them and in this instance they are not.
“While financial institutions may be able to secure operations their end, they most certainly cannot guarantee that vendors will keep smartphones patched against the latest vulnerabilities and they definitely cannot assume all their customers will always act in an entirely secure manner.
“Until mobile banking services such as these come with a government health warning – or at least some much-needed security awareness tips – many consumers will rank the convenience and short-term advantages of switching providers far higher than the potential risks.”
The Competition and Markets Authority’s recent announcement that banks will be pressured into allowing customers to access their entire finances via a single mobile app by 2018 has indeed raised security concerns. However, the CMA’s ambitious plans can be made a reality if banks take the right steps to protect their own apps before the new measures come into place, according to an app security company, Promon.
Once the new rules come in, consumers will be able to apply for loans, overdrafts and mortgages using their mobile phones and will be able to manage accounts from different providers in one place.
Lars Lunde Birkeland, Head of Communication at Promon, said: “It is plausible for banks to want to push back against the 2018 deadline; their reputation and an immense amount of customer and business data are at stake, and it is easy to consider this move to a unified banking app as being fraught with security challenges.
“The risk of linking all bank accounts is incontestable and a responsible and cautious approach must be put in place: if banks take the right steps to proactively manage their app security now, the solution to this problem is actually a straightforward one.”
Birkeland points to a trend of going mobile, be it for businesses or banks. He added: “The rise of mobile as a medium through which people do banking is inexorable. But what is less well-known is that securing banking apps and data ahead of the new measures less troublesome than many think.”
To alleviate these possible issues, banks should use software that makes their apps self-defending, rather than rely on their customers to protect their devices from cyber-attacks, according to Promon. Such software consists of code that can be embedded into an app during its creation or in a software update, which provides protection from external threats.
Birkeland added: “What is left for banks now is to be flexible enough to adapt to the growing mobile trend, and to keep in mind the nature of the data that is being manipulated and the potential risks it involves.
“The solution is simple. Securing the new app from the inside will be a stepping-stone in securing data, gaining consumer trust and safeguarding the future of mobile banking. If approached in a proactive, innovative way, the CMA’s proposed smartphone banking revolution is far from utopian.”
