Security tips to help protect your mobile banking app users
More people are working from home, increasing network traffic. They're also going online and using mobile apps to handle tasks they previously handled in person. That means more cybercriminals are looking for opportunities to profit or cause disruption, and cyberattacks are increasing accordingly.
Just as hackers target businesses, retailers and government agencies, they're also zeroing in on banks and credit unions at their most vulnerable time. With physical distancing measures in place, and as more branches close and customers shift to digital banking, your mobile banking app may become an even more attractive target.
Here’s how you can help protect your business and your customers.
Make your customers aware of social engineering
Social engineering is the use of manipulation or deception to trick someone into divulging information or taking an action using technology. And now, more than ever, consumers are at heightened risk of being socially engineered by fraudsters looking to take advantage of current global fears.
Use your website, email, social media and other promotional channels to educate your customers on this technique and help them be aware of when they might be targeted. Provide tips on recognizing a phishing email, for example, or outline steps to make sure they’re accessing a genuine version of your app.
Implement strong cryptography
Insecure use of cryptography is common in mobile apps. It can let an attacker read data that was never properly encrypted and, in some cases, gives mobile malware a foothold on the device.
While Android and iOS try to keep each application's data separated by user permissions, NCR recommends going a step further. We recommend adding an extra layer of protection by encrypting any data your app generates and stores locally, using an industry-standard encryption mechanism such as AES-256.
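The following is an added example of what "encrypt locally stored data with AES-256" looks like in practice; it is illustration written for this page, not NCR's code or a library API. It uses AES-256 in GCM mode, which authenticates as well as encrypts, so a cached record that has been edited on the device is rejected rather than trusted. The `sealRecord`/`openRecord` names, the record label bound in as associated data, and the sample JSON record are all constructed for the example; the key is assumed to come from the platform keystore in a real app rather than being generated and kept beside the data.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"errors"
	"fmt"
	"io"
)

// keySize is 32 bytes, i.e. AES-256 as recommended above.
const keySize = 32

// newKey draws a fresh 256-bit key from the OS CSPRNG. In a shipping app the
// key would be held in (or wrapped by) the platform keystore, never written in
// plain form next to the data it protects. (Assumption for this example.)
func newKey() ([]byte, error) {
	key := make([]byte, keySize)
	if _, err := io.ReadFull(rand.Reader, key); err != nil {
		return nil, err
	}
	return key, nil
}

// newGCM builds the AEAD and rejects anything that is not an AES-256 key.
func newGCM(key []byte) (cipher.AEAD, error) {
	if len(key) != keySize {
		return nil, fmt.Errorf("key must be %d bytes for AES-256, got %d", keySize, len(key))
	}
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// sealRecord encrypts one locally stored record with AES-256-GCM.
// Output layout: nonce || ciphertext || 16-byte GCM tag. The record label
// (e.g. a file or row name) is bound in as associated data so one valid
// record cannot be silently swapped in for another.
func sealRecord(key, plaintext []byte, label string) ([]byte, error) {
	gcm, err := newGCM(key)
	if err != nil {
		return nil, err
	}
	nonce := make([]byte, gcm.NonceSize())
	if _, err := io.ReadFull(rand.Reader, nonce); err != nil {
		return nil, err
	}
	// Seal appends to its first argument, so the nonce becomes the prefix.
	return gcm.Seal(nonce, nonce, plaintext, []byte(label)), nil
}

// openRecord reverses sealRecord. Any change to the nonce, ciphertext, tag or
// label makes Open fail, so tampering is detected before the data is used.
func openRecord(key, sealed []byte, label string) ([]byte, error) {
	gcm, err := newGCM(key)
	if err != nil {
		return nil, err
	}
	n := gcm.NonceSize()
	if len(sealed) < n+gcm.Overhead() {
		return nil, errors.New("sealed record too short")
	}
	return gcm.Open(nil, sealed[:n], sealed[n:], []byte(label))
}

func main() {
	key, err := newKey()
	if err != nil {
		panic(err)
	}
	// Constructed sample: an account snapshot the app might cache for offline viewing.
	record := []byte(`{"account":"demo-0001","balance":"0.00"}`)
	sealed, err := sealRecord(key, record, "account-cache")
	if err != nil {
		panic(err)
	}
	plain, err := openRecord(key, sealed, "account-cache")
	fmt.Printf("decrypted ok: %v, record: %s\n", err == nil, plain)

	sealed[len(sealed)-1] ^= 0x01 // flip one bit of the authentication tag
	_, err = openRecord(key, sealed, "account-cache")
	fmt.Println("tampered record rejected:", err != nil)
}
```

The nonce is random per record and stored with it, and the same key must never be reused with a repeated nonce under GCM; if an app seals very large numbers of records under one key, derive a per-record subkey or rotate the key.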
Use secure authorization
Mobile apps are known for allowing weaker authentication, such as a four-digit PIN. Less complex schemes like this are naturally easier for an attacker to guess, and can let a criminal gain access to a user's account to falsify activity or obtain sensitive information.
NCR recommends implementing more complex authentication requirements, such as multi-factor authentication: for example, a password combined with a one-time PIN, or a password combined with biometrics.
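As an added example of the "password plus one-time PIN" factor, here is the server-side check a bank's backend would run on the code the app submits; it is written for this page and is not NCR's implementation. It follows RFC 4226 (HOTP) and RFC 6238 (TOTP) with six-digit codes and 30-second steps, compares codes in constant time, refuses to accept a code whose time step was already used, and locks the factor after a few failures, because a six-digit code on its own is still guessable. The `secondFactor` type, its field names and the `maxFailures` policy are assumptions for the example; the password check that precedes it is out of scope here.

```go
package main

import (
	"crypto/hmac"
	"crypto/sha1"
	"crypto/subtle"
	"encoding/binary"
	"errors"
	"fmt"
	"time"
)

const (
	otpDigits = 6  // six-digit one-time PIN
	otpStep   = 30 // seconds per code, the RFC 6238 default
	otpSkew   = 1  // accept one step either side to absorb clock drift
)

// hotp implements RFC 4226: HMAC-SHA1 over the big-endian counter, dynamic
// truncation to 31 bits, then the low otpDigits decimal digits.
func hotp(secret []byte, counter uint64) string {
	mac := hmac.New(sha1.New, secret)
	var msg [8]byte
	binary.BigEndian.PutUint64(msg[:], counter)
	mac.Write(msg[:])
	sum := mac.Sum(nil)
	offset := sum[len(sum)-1] & 0x0f
	code := binary.BigEndian.Uint32(sum[offset:offset+4]) & 0x7fffffff
	mod := uint32(1)
	for i := 0; i < otpDigits; i++ {
		mod *= 10
	}
	return fmt.Sprintf("%0*d", otpDigits, code%mod)
}

// totp implements RFC 6238: HOTP with the counter derived from Unix time.
func totp(secret []byte, at time.Time) string {
	return hotp(secret, uint64(at.Unix())/otpStep)
}

// verifyOTP compares the submitted code against the current step and its
// neighbours. Every candidate is compared in constant time and the loop never
// exits early, so response timing does not reveal which step matched.
// It returns the matched step so the caller can reject replays.
func verifyOTP(secret []byte, submitted string, at time.Time) (int64, bool) {
	counter := at.Unix() / otpStep
	step, matched := int64(-1), 0
	for skew := int64(-otpSkew); skew <= otpSkew; skew++ {
		c := counter + skew
		if c < 0 {
			continue
		}
		m := subtle.ConstantTimeCompare([]byte(hotp(secret, uint64(c))), []byte(submitted))
		if m == 1 {
			step = c
		}
		matched |= m
	}
	return step, matched == 1
}

// secondFactor is the server-side state for one enrolled user (assumed
// layout for this example). A six-digit code can be brute-forced, so failed
// attempts are counted and the factor locks after maxFailures until an
// out-of-band reset.
type secondFactor struct {
	secret      []byte
	failures    int
	maxFailures int
	lastStep    int64 // time step of the last accepted code; blocks replay
}

var errLocked = errors.New("second factor locked after too many failed attempts")

// Verify returns true only when the factor is not locked, the code matches,
// and the code's time step has not already been consumed.
func (f *secondFactor) Verify(submitted string, at time.Time) (bool, error) {
	if f.failures >= f.maxFailures {
		return false, errLocked
	}
	step, ok := verifyOTP(f.secret, submitted, at)
	if !ok || step <= f.lastStep {
		f.failures++
		return false, nil
	}
	f.failures = 0
	f.lastStep = step
	return true, nil
}

func main() {
	// Constructed sample: the shared secret from RFC 4226 / RFC 6238 test vectors.
	secret := []byte("12345678901234567890")
	f := &secondFactor{secret: secret, maxFailures: 3}
	now := time.Unix(59, 0) // RFC 6238 vector: code at T=59 is 287082
	code := totp(secret, now)
	ok, err := f.Verify(code, now)
	fmt.Printf("code %s accepted: %v (err=%v)\n", code, ok, err)
	ok, _ = f.Verify(code, now.Add(time.Second))
	fmt.Println("same code replayed, accepted:", ok)
}
```

In production the `secondFactor` state lives in the account store, the secret is provisioned to the user's authenticator over a separate channel, and the lockout counter is also applied to the password step; the one-time PIN is the second factor, not a substitute for the first.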
Protect network traffic
Many mobile apps don't monitor client-to-server communications, use an outdated encryption protocol, or apply encryption only during authentication. Each of these gaps can leave data exposed.
Using TLS 1.2 for all communications carried out by your mobile app provides strong encryption, helping to ensure your customers' data stays protected while it is in transit over the network.
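Below is an added example of enforcing that policy on the client side: one TLS configuration with TLS 1.2 as the floor (TLS 1.3 also passes, since the minimum only excludes older versions) applied to every request the app makes rather than only the login call, plus a post-response check that the data really arrived over a TLS 1.2-or-newer session before the app uses it. It is written for this page, not NCR's code; the function names and the cipher-suite selection (forward-secret AEAD suites only, for the TLS 1.2 case) are choices made for the example.

```go
package main

import (
	"crypto/tls"
	"errors"
	"fmt"
	"net/http"
	"time"
)

// clientTLSConfig is the policy applied to every connection the app opens.
// MinVersion sets the TLS 1.2 floor; the suite list covers the TLS 1.2 case
// only, since Go fixes the TLS 1.3 suites itself. (Selection assumed here.)
func clientTLSConfig() *tls.Config {
	return &tls.Config{
		MinVersion: tls.VersionTLS12,
		CipherSuites: []uint16{
			tls.TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,
			tls.TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,
			tls.TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,
			tls.TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,
			tls.TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305,
			tls.TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305,
		},
	}
}

// newAPIClient returns the HTTP client the app uses for all backend calls.
// Because the policy lives on the transport, every request through this
// client is covered, not just authentication.
func newAPIClient() *http.Client {
	return &http.Client{
		Timeout: 15 * time.Second,
		Transport: &http.Transport{
			TLSClientConfig:   clientTLSConfig(),
			ForceAttemptHTTP2: true,
		},
	}
}

// checkTLSVersion rejects anything below the TLS 1.2 floor.
func checkTLSVersion(version uint16) error {
	if version < tls.VersionTLS12 {
		return fmt.Errorf("negotiated TLS version 0x%04x is below the TLS 1.2 floor", version)
	}
	return nil
}

// checkResponseTransport is the monitoring half: after each response the app
// confirms the bytes travelled over TLS 1.2 or newer and refuses to use data
// that arrived otherwise (plaintext, or a session that was somehow downgraded).
func checkResponseTransport(resp *http.Response) error {
	if resp == nil || resp.TLS == nil {
		return errors.New("response did not arrive over TLS")
	}
	return checkTLSVersion(resp.TLS.Version)
}

func main() {
	client := newAPIClient()
	// A real call would be: resp, err := client.Get("https://api.example.invalid/accounts")
	// followed by checkResponseTransport(resp). Here two constructed responses
	// stand in for what the client would see, so the example runs offline.
	_ = client
	plaintext := &http.Response{}
	fmt.Println("plaintext response:", checkResponseTransport(plaintext))
	secure := &http.Response{TLS: &tls.ConnectionState{Version: tls.VersionTLS13}}
	fmt.Println("TLS 1.3 response:", checkResponseTransport(secure))
	fmt.Println("TLS 1.0 session:", checkTLSVersion(tls.VersionTLS10))
}
```

The version check after the fact is a belt-and-braces control: the transport's `MinVersion` already prevents the handshake from completing below TLS 1.2, and the check catches code paths (a third-party SDK, a misconfigured second client) that bypassed that transport.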