Mobile banking services represent a significant opportunity for banks to get in front of more customers — the convenience factor is highly-attractive. And it’s fairly common knowledge that consumers should be vigilant in taking steps to protect themselves when using mobile banking apps. In fact, our previous post outlines several basic precautions that work in concert with one another and go a long way in preventing security breaches. However, consumer usage of mobile apps and some of the possible associated security threats should not only be evaluated by the consumer, but also by the banks behind the applications long before it’s even released.
According to an article recently published by the ABA Banking Journal, the security challenge for banks is compounded by the fact that technological advancements are outpacing the ability of regulatory agencies to issue guidance in a timely manner. The Federal Financial Institutions Examination Council continuously updates its regulations and recommendations for standard Internet banking. However, it is still working on mobile and mobile security guidelines which leaves software developers unclear about the features to integrate in order to support compliance.
Experts suggest that bank executives conduct a thorough risk assessment of all the technology behind their mobile banking application and be sure to protect themselves against possible risks.
The process required to adopt and develop a good and secure mobile banking app must be led by qualified mobile security experts and should not be rushed. It is imperative that banks understand that the security and privacy issues related to mobile devices are different, and in many instances, more complicated than any online banking risks. Therefore, the risk assessment and management process is critical in helping banks mitigate the regulatory and compliance risk associated with mobile devices and their software and applications.
The ABA article recommends a comprehensive program that includes the evaluation of six types of risks to develop appropriate response strategies and programs:
Operational risk-Includes loss from inadequate or failed processes, people, and systems. It usually also includes the threat from potential fraud or theft.
Strategic risk-The impact on earnings of poor decisions, the improper implementation of strategy, and an institution’s inability to respond to industry changes or meet customer needs.
Legal risk-Encompasses the potential impact of lawsuits, unenforceable contracts, or adverse judgments. It requires considering potential problems resulting from ambiguous or untested laws, rules, and regulations.
External risk-The possible impact of factors beyond management’s control, including new legislation, natural disasters, and certain macroeconomic developments such as supply chain disruptions.
Reputation risk-Includes the impact that any negative developments may have on company stakeholders, from customers and shareholders to regulators and vendors.
Compliance risk-The impact of violations of law or noncompliance with industry rules and regulations or ethical standards.
A thorough evaluation of these possible risks provides the basis for a strong mitigation strategy. The Infovision team of mobility solutions experts are well-versed in tackling these kinds of complex, business-critical initiatives. Contact us and we can work alongside your risk assessment team to determine and develop the safest and most effective mobile solution for your organization.