Financial institutions have been moving towards expanding digitisation for years, offering remote banking services, and prioritising the customer experience in digital platforms.
In 2020, however, the COVID-19 pandemic has dramatically accelerated this shift. With less access to bank branches, the mobile and online banking channels became the primary, and in some cases even the only banking options available.
Criminals always go where the money is, which is why they have increasingly turned their attention to the mobile channel. The pandemic has driven a massive increase in mobile malware attacks.
In 2020, Kaspersky detected more than 5.6 million malicious installation packages, more than 156,000 new mobile banking Trojans, and more than 20,000 new mobile ransomware Trojans.
Additionally, many consumers wrongly believe that all apps they download are secure, but that is not the case. Apps available on the official Apple and Google Play stores can sometimes even be malicious.
Though the official app stores filter out a large percentage of malware, they are not perfect.
When businesses’ mobile apps are vulnerable, or consumers’ devices and personal information are compromised due to mobile device or application security weaknesses, the consequences can be devastating.
Businesses can suffer reputation and brand damage and may face regulatory fines; consumers can become victims of identity theft or other types of fraud.
The good news is that a security incidents involving a mobile device or app can be avoided altogether by implementing mobile application security technologies.
How To Strengthen Mobile Application Security
Businesses can take simple steps to reduce the risk of fraud, malware, account takeover and other types of attacks in the mobile channel. Organisations and mobile developers creating their apps must begin implementing a complete mobile application security programme.
Traditionally, this would consist of building security into design requirements, providing secure code training and resources to developers, performing regular security testing throughout the development life cycle, and periodically conducting penetration testing.
But today, these methods are not enough. Businesses and app developers must begin applying client-side security measures, such as mobile application shielding technologies.
Mobile application shielding refers to a set of technologies integrated into the mobile app’s code to protect it against malicious activity and safeguard sensitive information from cybercriminals.
Even if the user’s device becomes infected with malware, app shielding will detect it and prevent the malicious code from running. It enables mobile apps to protect themselves even in untrusted device environments, such as compromised, infected or jailbroken phones.
In addition to mobile application shielding, businesses must also focus on natively integrating multifactor authentication into their apps.
Tools like facial recognition, fingerprint readers and even behavioral biometrics have become more commonly used in mobile banking apps to strengthen security and help prevent mobile account takeover.
These authentication technologies should be used in a layered approach, so as not to negatively impact the customer experience.
Prioritise Mobile App Security
Many organisations may have confidence that the Android or iOS operating systems will protect them, but neither of these will ever be 100% secure. Extra measures are needed.
Additionally, many businesses still do not allocate a specific budget for securing their mobile apps, and developers often look at security as another barrier.
But when done right, strong mobile application security can be a business benefit, driving revenue growth and customer retention while protecting against digital threats.
Without adequate security, there are some functionalities and services that businesses simply won’t provide to their customers through the mobile channel because they are deemed too risky.
By securing the mobile app and ensuring that it can protect itself from zero-day vulnerabilities, even on untrusted devices, businesses can have the confidence to open up new services through the mobile channel, creating new revenue streams that they otherwise would not have.
Mobile App Security Supports The Bottom Line
There are pressures from all sides of the business to get the application built, tested and published as quickly as possible. However, in the rush to market, security cannot be overlooked.
Here are five simple steps to build a successful mobile app security programme:
- Educate developers about secure coding on a regular basis.
- Include security in the product requirements.
- Integrate frequent, automated security testing earlier in the development life cycle when vulnerabilities can be fixed more easily.
- Conduct periodic penetration testing on the mobile app.
- Strengthen the app with additional protection in untrusted environments with in-app protection and app shielding technology.
With proper security measures in place, including application shielding and layers of natively integrated multifactor authentication, businesses are able to defend their mobile apps against attacks, while also protecting their customers, simplifying the customer experience and growing revenue.
OneSpan’s whitepaper on mobile app security is available here.
