How To Build A Secure Mobile App
While it's a relatively new channel, mobile banking is growing rapidly, and apps are emerging as consumers' mobile solutions of choice. How do you ensure your app is secure?
"Clearly everyone is concerned about mobile security," says Jacob Jegher, senior analyst for Boston-based Celent's banking group. "But we haven't really seen the brunt of the challenges that could come with mobile fraud. In other words, it's a channel that hasn't been heavily targeted."
- Putting the Mobile Employee to Work
- Thriving in a Multi-Platform World: Integrating Mobile Device Management into Your Overall Security Strategy
- Altair Speeds Complex Simulation and Workload Management with the Intel' Xeon Phi Coprocessor
- Business Value of Compilers
But the market is expanding fast, and so is the target for criminals. A February IDC (Framingham, Mass.) report indicated that smartphone sales outpaced PC sales for the first time ever in the fourth quarter of 2010, with 100.9 million smartphones shipped versus 92.1 million PCs. The growth in smartphone sales could translate to more opportunity for customers to access their banks through those devices--either via apps or mobile browser--and more opportunity for fraud.
To keep up with the proliferation of devices and customers who prefer downloadable apps, banks often deploy mobile banking applications across multiple platforms--Apple's iOS, Google's Android, Research in Motion's BlackBerry and others--and banks have to build for the strengths and weaknesses intrinsic to every device, which adds to the security challenges. Another wrinkle is that these development efforts are creating an entirely new kind of bank channel experience.
"As you look at the back-office systems that are inherently driving online and mobile, they're the same systems," says Keith Gordon, SVP, echannels, fraud and enrollments executive, Charlotte, N.C.-based Bank of America ($2.27 trillion in assets). "But the big difference comes in how our customers are interacting with us. In an online space we've got complete control of that environment; whereas when you look at mobile, we've now pushed that functionality out to the customer."
Developing an app-based mobile banking experience is completely new for many banks, acknowledges Mark Bregman, EVP and CTO of Mountain View, Calif.-based security firm Symantec Corp., who stresses that security should be paramount in the process. "In a way you have to be more systematic in planning for and building mobile banking apps than you did with Web-based apps," Bregman says. "On the other side of it, things are moving very fast toward mobility--if you're a bank and you decide to wait too long, you run the risk of being left behind."
Because mobile banking via downloadable app is a relatively new phenomenon--the Apple iTunes App Store dates back to July 2008, and the Android Marketplace debuted that October--the current list of threats is poorly understood, if somewhat short. But that doesn't mean the threat isn't real--even if the app itself is not the problem.
See the latest IT solutions at Interop New York. Learn to leverage business technology innovations--including cloud, virtualization, security, mobility, and data center advances--that cut costs, increase productivity, and drive business value. Save 25% on Flex and Conference Passes or get a Free Expo Pass with code CPFHNY25. It happens in New York City, Oct. 3-7, 2011. Register now.