The Evolution of Online Banking

November 15, 2016

Blog

Marie Austenaa, VP and Head of Personal Data & Mobile Identity Programme at GSMA

In April this year, the World Retail Banking Report from Capgemini reported significant improvements for banks’ customer experience. A significant amount of progress can be attributed to the investment that banks have made over the last year to enhance their digital offering.

As digital identity technologies have developed, the financial sector has taken steps to incorporate them into core services that safeguard security and make banking easier. Most major banks now allow customers to check account balances from their mobile phones, often without the need to explicitly authenticate themselves, given the low-value risk.

Yet much more needs to be done before banking can really be described as seamless. A number of services still require account holders to physically visit a bank branch to verify their identity. Anyone who has visited a bank during their lunch break for this reason – and found scores of other people also doing the same – can attest to its inconvenience. The continued use of paper-based identity verification, via passports and driving licenses, also adds delays which are plainly out of step with the increased pace of digitisation in other industries.

Moreover, as more businesses move online, protecting vital data such as financial information has become much more difficult. Online security threats are becoming increasingly prolific and last year ‘phishing’ emails and ‘ransomware’ campaigns rose by 55% and 35% respectively with half a billion personal records stolen.

The old authentication norm of usernames and passwords are simply no longer secure. Hackers are getting better at cracking them or using social engineering to trick members of the public into inadvertently revealing them. And with the ever-increasing number of logins required today, it’s little surprise that 65 per cent of users default to using the same password for various accounts. Multiple passwords are also inconvenient: 37% admit having to reset a password at least once per month due to the sheer number they now have to remember, and 6 out of 10 businesses say this is having an effect on productivity.

The challenge for banks is balancing security with convenience. A secure digital identity solution that enables users to cut down on time lost to banking procedures is essential for the healthy development of financial services. Effective authentication solutions utilise two factors of authentication – typically relying on something the user has, as well as something they know (a PIN or password) or something they are (such as a biometric). Banks have some such solutions in place, but the common model of card-readers and PIN numbers is ineffective as few people want to carry such a device at all times.

This is where mobile authentication comes into play. By eliminating the need for an additional item, and relying instead on one the user has with them anyway – their mobile phone – it offers users the best of both worlds.  Possession and control of the mobile phone (as a single factor of authentication) can be combined with a secret (e.g., PIN) or biometrics (e.g., fingerprint). In both cases, the information submitted by the user is verified locally on their mobile phone, mitigating the vulnerability of server-side databases of passwords or fingerprints.

Such an approach is far more secure that the current ‘out-of-band’ authentication mechanisms used by banks such as One Time Passwords via SMS or Interactive Voice Response (IVR) solutions, all of which can be easily targeted by malware on the device.  Moreover, an operator solution can enhance security by leveraging unique contextual insights derived from the user’s behaviour on the mobile network to provide additional signals for capturing potential fraud.

When banks and operators pool their knowledge and expertise, they are able to create a more secure environment for transactions. In fact, the GSMA has already begun working with a number of operators and service providers to roll out Mobile Connect, an operator-based authentication service which provides a convenient and secure log-in solution with privacy protection. The digital journey in banking has started now in earnest, but there is more work to be done to ensure safe and convenient access to these new digital services.

Back

Driving Mobile Connect Usage – Turkcell Looking to improve its customers’ experience and further differentiate its proposition, Turkcell launched Mobile Connect initially on its self-care mobile application and websi...

Read more | See all Identity Resources

Mobile Connect London Summit: Presentations Taking place on the 25th and 26th April, the Mobile Connect London Summit was a forum for leading figures in the wider mobile industry to debate the most pressing issues in the...

Read more | See all Identity Resources

The PSD2 Opportunity: Mobile Operators and Fintech This paper discusses the opportunities relating to the partnership between mobile network operators and fintech companies, and how both parties can benefit from each others&#...

Read more | See all Identity Resources

SK Telecom: Integrating Existing Identity Solutions into Mobile Connec In December 2016, SKT adapted both T-Auth and T-ID to comply with the Mobile Connect specifications. The goal was to make it easier for international customers to use SKT’s app...

Read more | See all Identity Resources

Seminar Presentations from Mobile World Congress 2017 Mobile World Congress 2017 hosted three industry seminars on Mobile Connect and the future of digital identity.  You can find out more about each of these subjects by downloadin...

Read more | See all Identity Resources

SIM Toolkit Device Requirements to Improve Mobile Connect Customer Exp This document presents the requirements for the device to improve the user experience of the Mobile Connect SIM applet authenticator. The ETSI (The European Telecommunications St...

Read more | See all Identity Resources

Will Latest Cyber Attack Unite the Digital Community? Although data breaches and cybercrime are increasingly the hallmark of the age we live in, last week’s WannaCry attack has drawn out uniformly strong calls for the wider tech i...

Read more | Visit Identity Blog

Summit Demonstrates Growing Demand for the Various Offerings of Mobile Industry event reveals how Mobile Connect has evolved well beyond its authentication moorings LONDON — Last week, global leaders in the mobile industry and adjacent sectors...

Read more | Visit Identity Blog

Trust & Privacy will be Increasingly Important to eID Market ‘Cybercrime keeps Climbing’. This was one of the principal findings from PwC’s Global Economic Crime Survey 2016, and a reminder that many businesses are unprepared for -or...

Read more | Visit Identity Blog

The Next Phase of Cross-Border Public Services With over 3 billion enabled users worldwide and its federated distributed architecture, Mobile Connect is a leading example of a mobile identity and authentication solution for g...

Read more | Visit Identity Blog

Mobile Connect’s collaboration with leading brands during MWC17 poin Mobile World Congress revealed many ways in which mobile technology is evolving to deliver a new range of digital services. Inside the event’s GSMA Innovation City, we were giv...

Read more | Visit Identity Blog

Restoring Trust in the Digital Age – the Great Debate at MWC Industr The security of customer data has never been more crucial. In our digital world, the risk of fraud has reached unprecedented heights and consumers are increasingly cautious about...

Read more | Visit Identity Blog

Mobile World Congress Shanghai June 28, 2017 Mobile Connect will be present at this year’s Mobile World Congress Shanghai – Asia’s biggest mobile event. Bringing together the global mobile industry’s C...

Read more | See all Personal Data Events

MWCS17 Seminar: Mobile Connect: Deploying mobile identity services acr June 29, 2017 Mobile Connect is the global mobile industry’s secure universal identity solution.  By March 2017 it had been made available to over 3 billion consumers worldwide and with ope...

Read more | See all Personal Data Events

Contact GSMA Legal Email Preference Centre Copyright © 2017 GSMA. GSM and the GSM Logo are registered and owned by the GSMA.