Make the Ostrich an Endangered Species!


Mobile banking is one of the hottest topics these days, as financial institutions try to figure out how to open yet another channel that will help differentiate their service levels and provide operational savings.  So it shouldn’t be a surprise that mobility featured prominently at this year’s NACHA-sponsored Payments 2011 show in Austin, Texas.  Included among the main tracks, along side . . . ., were sessions every day on Mobility and Payments.

The session I decided to attend, on consumer trends in mobile banking, was at once both fascinating and frustrating.  The primary take-away, that banks need to understand the drivers and the demographics behind mobile banking and take it seriously, was nothing new. There was some excellent data – and although similar statistics have been reported before, it was made more significant because it was based on 3 years of trending data – and the author’s linkage of the data reinforced its importance. One observation in particular stood out:

  • that 50% of those with smart phones in the United States used mobile banking in the past 30 days; and,
  • the adoption of smart phones nearly doubled over the past year.

That’s a pretty graphic indicator of the potential adoption for mobile banking.

But in amongst all of the discussion of Gen Y and their online/mobile behavior, smartphone growth rates and the types of transactions taking place, was the oft repeated observation that Security, or lack thereof, was one of the largest inhibitors to mobile banking: in this survey. . .

And it was on this point that I found things went awry. It wasn’t until the speaker was asked a question – the last question asked – that the issue of security was addressed; and this was after his recommendations on what banks ought to be doing to address mobile banking. Not a mention of security. . . the number two barrier to adoption!

The question was simple: what should banks be doing to take on the issue of security around mobile banking – and the barrier it poses to greater adoption (perhaps paraphrased)?

And the answer?  Banks should be focusing on education – aggressive education of their customers – that mobile banking is secure – that it can be more secure than online banking; and that it should be driven in their marketing messages – that those on the frontline of the message, “the tellers and yellers” should be pushing this message hard.

This just went bump with me! In fact, bump is wildly understating it – this was a head-on, spectacular, metal-on-crushing-metal collision at 120 Km per hour (forgive me, I’m Canadian!).  Mobile banking is not secure right now! Most mobile banking applications are still only supporting User Name/Password to sign-on.  And mobile devices are becoming the target of the same sort of attacks that have plagued online banking – phishing attacks, malware downloads, and even man-in-the-browser attacks. And these are just going to escalate and grow in complexity as adoption increases.

On this point, it has been this type of “the-world-is-not-ending, just-stick-your-head-in-the-sand-like-an-ostrich-and-it’ll-all-be-good” type of message that has undermined security in the online space – and why the FFIEC is about to issue stronger guidelines for security around online banking. Financial Institutions have done the minimum required to add security for users – the adoption of Knowledge-Based Authentication (Questions & Answers) or image-replay, as an example. And online users have suffered as a result.

And if this is the recommendation that trusted advisors are offering for mobile banking – and the approach that banks are willing to adopt – then the FFIEC is going to be issuing guidelines again in another three year time. . . after mobile banking users have been scammed.

What banks should be doing to address one of the top barriers to mobile banking adoption is quite clear: they should be adding security to their mobile applications. And only then should the “tellers and yellers” get the message out that mobile banking is secure!


Entrust provides identity-based security solutions that empower enterprises, consumers, citizens and websites in more than 5,000 organizations spanning 85 countries. Entrust's identity-based approach offers the right balance between affordability, expertise and service. With more than 125 patents granted and pending, these world-class solutions include strong authentication, physical and logical access, credentialing, mobile security, fraud detection, digital certificates, SSL and PKI.


Add to the Conversation