Security in Mobile Banking

A mobile banking application lets you carry out banking transactions & access other value-added services.

While it is not possible to say that all such solutions in the market are absolutely safe, from our experience interacting with dozens of banks I can say that most banks have a very stringent set of security policies, multiple levels of audits by compliance teams & very detailed testing by UAT (user acceptance testing) teams.

The rules of thumb are:

1) All sensitive information & passwords should be encrypted (1024-bit PKI preferably for passwords) from the point of input all the way until it reaches the bank's servers in its data centre.

2) The app should communicate with the servers only over HTTPS. A 2K (2048-bit) SSL certificate should be more than enough.

3) Each transaction should be processed only after 2-FA (two-factor authentication). The three factors are “what you have, what you know & what you are”; verifying two out of the three is good enough. This is why most apps typically use an OTP + PIN combination.
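The OTP + PIN combination in rule 3 is easy to get subtly wrong on the server side (PINs stored in clear text, OTPs compared with `==`, a captured OTP accepted twice). The following is an added example, not code from the original answer or from any bank's product, of how a server might check both factors for one transaction. It assumes the PIN is stored as a salted PBKDF2 hash, that the OTP is a standard RFC 4226/6238 HOTP/TOTP code shared with the customer's device, and uses constructed demo values (the secret `12345678901234567890` is the published RFC test key); all names such as `TransactionAuthorizer` are hypothetical.

```python
import hashlib
import hmac
import secrets
import struct
import time

# Constructed demo parameters; a real deployment keeps these server-side per user.
PBKDF2_ITERATIONS = 100_000
OTP_DIGITS = 6
OTP_STEP_SECONDS = 30


def enroll_pin(pin: str, salt: bytes = b"") -> tuple:
    """Store a PIN as a salted PBKDF2-HMAC-SHA256 hash (what you know), never in clear text."""
    salt = salt or secrets.token_bytes(16)
    digest = hashlib.pbkdf2_hmac("sha256", pin.encode(), salt, PBKDF2_ITERATIONS)
    return salt, digest


def verify_pin(pin: str, salt: bytes, stored: bytes) -> bool:
    candidate = hashlib.pbkdf2_hmac("sha256", pin.encode(), salt, PBKDF2_ITERATIONS)
    # Constant-time comparison: a plain == would leak how many leading bytes matched.
    return hmac.compare_digest(candidate, stored)


def hotp(secret: bytes, counter: int, digits: int = OTP_DIGITS) -> str:
    """RFC 4226 HOTP: HMAC-SHA1 over the 8-byte big-endian counter, then dynamic truncation."""
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % (10 ** digits)).zfill(digits)


def totp(secret: bytes, at: float, step: int = OTP_STEP_SECONDS) -> str:
    """RFC 6238 TOTP: HOTP with the counter derived from wall-clock time (what you have)."""
    return hotp(secret, int(at) // step)


class TransactionAuthorizer:
    """Second-factor gate for a transaction: PIN + TOTP must both pass.

    Remembers the last accepted time step so that a captured OTP cannot be
    replayed within its validity window.
    """

    def __init__(self, pin_salt: bytes, pin_hash: bytes, otp_secret: bytes, window: int = 1):
        self.pin_salt = pin_salt
        self.pin_hash = pin_hash
        self.otp_secret = otp_secret
        self.window = window        # steps of clock skew tolerated on either side
        self.last_step = -1         # highest time step already consumed

    def authorize(self, pin: str, otp: str, now: float = None) -> tuple:
        now = time.time() if now is None else now
        pin_ok = verify_pin(pin, self.pin_salt, self.pin_hash)

        step = int(now) // OTP_STEP_SECONDS
        otp_ok, matched = False, None
        for delta in range(-self.window, self.window + 1):
            cand = step + delta
            if cand <= self.last_step:      # already used or older: replay attempt
                continue
            if hmac.compare_digest(hotp(self.otp_secret, cand), otp):
                otp_ok, matched = True, cand
                break

        # Both factors are evaluated before answering, and the error message is
        # the same either way, so the response does not reveal which factor failed.
        if not (pin_ok and otp_ok):
            return False, "authentication failed"
        self.last_step = matched            # consume this OTP
        return True, "authorized"


if __name__ == "__main__":
    secret = b"12345678901234567890"       # RFC 4226/6238 test key, constructed demo only
    salt, digest = enroll_pin("4321")
    auth = TransactionAuthorizer(salt, digest, secret)
    print(auth.authorize("4321", totp(secret, time.time())))   # expected: (True, 'authorized')
    print(auth.authorize("4321", totp(secret, time.time())))   # expected: replay rejected
```

The replay check is the part most often left out: a one-time code that is accepted twice is no longer one-time. Note also that the 1024-bit figure in rule 1 reflects older practice; NIST has disallowed 1024-bit RSA for new signatures since 2013, and current guidance is 2048 bits or more, consistent with rule 2.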

There are a ton of other things that can make the app even more secure, but if these three aspects aren't taken care of, the risk is on the higher side.

Over & above these measures, there will always be a set of guidelines from the country's regulatory authority which further enhance security by ensuring that the bank/technology provider adheres to industry best practices for on-boarding users, obtaining permissions, issuing & managing PINs/passwords, etc.

A well-executed mobile banking app could be a lot safer than most browser-based net banking apps in more ways than one. So if you are already a net banking customer of a reputable bank, there is no reason for you to worry.