The Evolution of Online Banking

November 15, 2016

Blog

Marie Austenaa, VP and Head of Personal Data & Mobile Identity Programme at GSMA

In April this year, the World Retail Banking Report from Capgemini reported significant improvements for banks’ customer experience. A significant amount of progress can be attributed to the investment that banks have made over the last year to enhance their digital offering.

As digital identity technologies have developed, the financial sector has taken steps to incorporate them into core services that safeguard security and make banking easier. Most major banks now allow customers to check account balances from their mobile phones, often without the need to explicitly authenticate themselves, given the low-value risk.

Yet much more needs to be done before banking can really be described as seamless. A number of services still require account holders to physically visit a bank branch to verify their identity. Anyone who has visited a bank during their lunch break for this reason – and found scores of other people also doing the same – can attest to its inconvenience. The continued use of paper-based identity verification, via passports and driving licenses, also adds delays which are plainly out of step with the increased pace of digitisation in other industries.

Moreover, as more businesses move online, protecting vital data such as financial information has become much more difficult. Online security threats are becoming increasingly prolific and last year ‘phishing’ emails and ‘ransomware’ campaigns rose by 55% and 35% respectively with half a billion personal records stolen.

The old authentication norm of usernames and passwords are simply no longer secure. Hackers are getting better at cracking them or using social engineering to trick members of the public into inadvertently revealing them. And with the ever-increasing number of logins required today, it’s little surprise that 65 per cent of users default to using the same password for various accounts. Multiple passwords are also inconvenient: 37% admit having to reset a password at least once per month due to the sheer number they now have to remember, and 6 out of 10 businesses say this is having an effect on productivity.

The challenge for banks is balancing security with convenience. A secure digital identity solution that enables users to cut down on time lost to banking procedures is essential for the healthy development of financial services. Effective authentication solutions utilise two factors of authentication – typically relying on something the user has, as well as something they know (a PIN or password) or something they are (such as a biometric). Banks have some such solutions in place, but the common model of card-readers and PIN numbers is ineffective as few people want to carry such a device at all times.

This is where mobile authentication comes into play. By eliminating the need for an additional item, and relying instead on one the user has with them anyway – their mobile phone – it offers users the best of both worlds.  Possession and control of the mobile phone (as a single factor of authentication) can be combined with a secret (e.g., PIN) or biometrics (e.g., fingerprint). In both cases, the information submitted by the user is verified locally on their mobile phone, mitigating the vulnerability of server-side databases of passwords or fingerprints.

Such an approach is far more secure that the current ‘out-of-band’ authentication mechanisms used by banks such as One Time Passwords via SMS or Interactive Voice Response (IVR) solutions, all of which can be easily targeted by malware on the device.  Moreover, an operator solution can enhance security by leveraging unique contextual insights derived from the user’s behaviour on the mobile network to provide additional signals for capturing potential fraud.

When banks and operators pool their knowledge and expertise, they are able to create a more secure environment for transactions. In fact, the GSMA has already begun working with a number of operators and service providers to roll out Mobile Connect, an operator-based authentication service which provides a convenient and secure log-in solution with privacy protection. The digital journey in banking has started now in earnest, but there is more work to be done to ensure safe and convenient access to these new digital services.

Back

SIM Toolkit Device Requirements to Improve Mobile Connect Customer Exp This document presents the requirements for the device to improve the user experience of the Mobile Connect SIM applet authenticator. The ETSI (The European Telecommunications St...

Read more | See all Personal Data Resources

Mobile Connect demonstrations As Mobile Connect advances, more examples of its uses continue to emerge. These two videos are the latest demonstrations of Mobile Connect in action. The first illustrates how Mo...

Read more | See all Personal Data Resources

Mobile Connect: mobile high-security authentication This non-technical paper is designed to address security questions related to authentication, especially with respect to payments, banking and online commerce. It explains how Mo...

Read more | See all Personal Data Resources

Telco’s mobile based digital authentication and identity in digital This report was produced by Deloitte India for the August edition of Communications Today. An estimated 650 million people will be online in India by 2020, with the mobile phone...

Read more | See all Personal Data Resources

How Mobile Connect Can Transform Digital Banking Consumers like the convenience of being able to bank and transact online using a PC, tablet or smartphone. However, the available authentication procedures involving multip...

Read more | See all Personal Data Resources

Mobile Connect – Indian Overview Mobile Connect is now available to more than 800 million consumers across India. Mobile network operators (MNOs) offering Mobile Connect services are Aircel, Bharti Airtel, Idea,...

Read more | See all Personal Data Resources

Media Giants Collaborate for Demo of New Music App, Mobile Connect Mus Three of the most renowned brands in the music industry, Sony Music, Universal Music and Warner Music Group (and their playlist brand, Topsify), have united through Kuack Media G...

Read more | Visit Personal Data Blog

Digital Community Reaches Consensus on UN’s Identity Goals Marta Ienco, Head of the Government & Regulatory affairs, Personal Data   Analyses of the potential of the global digital economy often conclude that advanced economies have...

Read more | Visit Personal Data Blog

Digital Identity in the GSMA Innovation City See below for a list of digital identity demonstrations in the GSMA Innovation City Across the globe, mobile network operators and digital service providers are incorporating Mob...

Read more | Visit Personal Data Blog

Mobile Connect to provide access to UN Sustainable Development Goals A Mobile Connect will be available for use with the GSMA’s ‘SDG in Action’ mobile app from February 21st as part of a major update ahead of this year’s Mobile World Congres...

Read more | Visit Personal Data Blog

SIMAlliance Publish SIM Applet Interoperability Guidelines New guidelines have been released by industry trade association SIMAlliance that aim to simplify the deployment of Mobile Connect. The guidelines, ‘Mobile Connect SIM Applet I...

Read more | Visit Personal Data Blog

Mobile Connect Government & Policy Expert Named in List of top 10 The GSMA’s Marta Ienco, Head of Government and Regulatory Affairs for Personal Data, has been named by identity experts, One World Identity, in their list of top 100 leaders in...

Read more | Visit Personal Data Blog

Mobile World Congress 2017 February 27, 2017 Mobile Connect will be present at this year’s Mobile World Congress 2017  – the world’s biggest mobile event.  The digital identity solution will be featured ...

Read more | See all Personal Data Events

Mobile Connect: Delivering global mobile identity services February 27, 2017 Mobile Connect, the mobile industry’s secure digital identity service, is gaining momentum.  Operators in many countries are now collaborating to offer country-wide identity s...

Read more | See all Personal Data Events

Mobile Connect: the evolving landscape for high security authenticatio February 28, 2017 Secure authentication increasingly underpins the future prosperity and economic viability of online services and transactions. This seminar will bring together experts from mobil...

Read more | See all Personal Data Events

Mobile Connect: How global brands are protecting consumers and reducin March 01, 2017 In an era of unprecedented fraud and technological awareness, people are reluctant to initiate transactions and provide information. Mobile Connect has a key role to play in comb...

Read more | See all Personal Data Events

Mobile Connect Summit – London April 25, 2017 We are pleased to be hosting the first Mobile Connect Summit of the year in London on the 25 & 26 April. As it becomes more apparent that digital identity solutions are ne...

Read more | See all Personal Data Events

Contact GSMA Legal Email Preference Centre Copyright © 2017 GSMA. GSM and the GSM Logo are registered and owned by the GSMA.