In 2012, an article on DeveloperWorks, IBM's resource portal for developers, covered the financial sector's discovery that mobile technologies were an "opportunity to extend their reach to the customer and improve their differentiation".
According to the data available then, in 2015 the volume of app development for mobile devices would surpass that of all other platforms, and the global number of users of mobile banking and associated services could increase up to 894 million users in 2015 (representing an annual growth of 59.2%).
Developing mobile applications also means facing many challenges. The first is the variety of the mobile ecosystem: supporting the many combinations of devices (smartphones, tablets, etc.) and operating systems (Android, iOS, Windows, Firefox OS… and their different variants) owned by those millions of users, while bearing the costs of testing the apps in all possible scenarios and keeping development environments consistent across the members of the team.
Of all the challenges... the first one is security
The development of financial apps probably requires an urgent review in all its aspects, but security is the main challenge for developers of mobile banking apps. In the past, the technological supervisors of the major banks had a relatively simple task at hand: building a security perimeter around the company's centralized computer systems. Mobile apps have changed everything... starting with breaking that perimeter.
● 70% lacked alternative authentication options to mitigate the risk of stolen identity attacks.
● 40% did not validate the authenticity of the digital certificates received from a server.
● 20% did not take advantage of the security functions of the operating system designed to limit the risk of attacks due to memory corruption.
● Lastly, the file system of several apps used unencrypted SQLite databases even though they contained sensitive information such as details of the customer's bank account and transaction history.
At about the same time, Praetorian conducted a similar study, extending it in this case to 275 mobile banking apps offered by the 50 major financial companies, the 50 leading regional banks and the 50 main cooperatives in the United States. Additionally, iOS and Android apps were analyzed in this case. The result? 80% of them had shortcomings.
The time of the central security perimeter has gone by. In fact, the spirit of the times in this sector seems to be quite the opposite: users increasingly demand more access options that are faster and easier to use. In the end, those options are the best way for banks to reach more customers and differentiate themselves from their competition. But if the great central wall is to be replaced with a network of watchtowers, the building methods must change. And do so at the same speed.