How Mobile Banking Security Could Be Invisible
Security in any application—particularly in mobile banking applications—is a challenging balance to strike. Everyone wants security that keeps out the bad guys and prevents some 14 year old from seizing your credit card and using it to buy whatever it is 14 year olds buy these days. Yet no one wants security that’s so tough to use that even you can’t get access to your credit card. A new report from Vasco illustrates how mobile banking security could be downright invisible.
The Vasco report shows that the balancing act I referenced is more than anecdotal. Customers want well-protected apps that are easy to use and do plenty. That’s almost a contradiction in terms, but customers expect it anyway. With the threat landscape changing thanks to its advancement to defeat the things that were brought out to defeat its own prior generation of tools, app makers in turn have to advance as well to beat the new crop of security threats.
One of the biggest measures to defeat the new threats is runtime application self protection, or RASP. RASP can work quietly in the background to spot potential threats and remove these threats accordingly, while allowing you to continue on as if there were no protection at all. RASP addresses app source code, which is so deep into the app most users will never see it even if they were inclined to.
From there, app makers can consider points like biometrics—which are hard to fake if done properly—along with authentication data and other factors to establish full security for comparatively simple processes.
There was a time when a password and user name were enough to secure an account. Even with highly secure passwords involving—as Dilbert once famously put it—“letters, numbers, doodles, sign language and squirrel noises”, we just aren’t as protected by the simple methods as we once were. We need improved security in order to protect all our apps, and the ones directly connected to our financial well-being only need more protection.
Still, with what’s already being considered—down to the source code itself—it’s a safe bet that our mobile banking applications will continue to be well-protected and yet perfectly usable for some time to come.