Last week, I was surprised to see the Wall Street Journal run a nearly full-page piece entitled “Is Mobile Banking Secure?” (it was in a special Personal Finance section included in Monday’s print and online editions). The Q&A was with two long-time fintech analysts, Javelin’s Emmett Higdon and Forrester’s Peter Wannemacher, along with Joseph Carrigan, a senior security engineer at Johns Hopkins University.
Ten years into the smartphone era, I thought we’d moved away from debating its baseline security. That may be true in pundit space, but apparently the users are not buying it. Fully 70% of non-users blame security for the lack of mobile banking adoption (note that this 70% number has been the same for 20 years now; digital non-users always blame security, and it’s a good scapegoat for any lack of participation).
The best advice in the Q&A? Wannemacher’s advice to add more info about mobile security INTO your mobile app. He said about half of banking apps don’t address security and privacy within the app. I also liked Higdon’s point that frequent logging in is a great way to fight fraud by keeping close tabs on your accounts.
And I thought the least helpful bit was Carrigan’s assertion (probably taken out of context) that big banks are probably more secure than smaller ones since “they spend more.” I don’t think that jibes with the facts. Because smaller banks tend to outsource their mobile banking from hardened vendors, they are at no disadvantage overall. (They might be slightly more vulnerable to cyber security attacks, but that’s not what this article was about.) I’m also not sure that Carrigan’s warning people about coffee shop wifi security is all that helpful. Is it really a material threat to mobile banking security? Doubtful.
Bottom line: Don’t take security perceptions, mobile or online, for granted. You must continue to reinforce to both users and non-users that the best defense against crooks is to be constantly vigilant, and for most users, that means monitoring your account on mobile. It would also be wise to help users maintain the right amount of security alerts: not so many that they become numb to them, but not so few that a crook can gain access.