Mobile banking: risk or reward?
A new regulatory report looks at mobile banking and payments' growing popularity, but also their downsides.
Inside the Enterprise: Take up of mobile banking in the UK is more than doubling each year; worldwide, according to the International Telecoms Union, almost one billion people will use mobile banking apps by 2015.
Such levels of interest, though, are bound to attract the attention of regulators. So, the UK's Financial Conduct Authority (FCA) has decided to look at both mobile banking and mobile payments, and has just issued an interim report.
The FCA's study defines mobile banking as making transactions and payments or viewing account information via a mobile phone or tablet, or using contactless payments from a device. According to the organisation, the increasing popularity of the services means that regulators need to update their understanding of how they are used, and how they affect the market.
The first stage of the FCA process was a "discovery" phase, carried out last year; this forms the basis of the current interim report. The focus for the initial phase is very much on potential risks. The second phase, which will see the FCA report back in the first half of 2014, will look at how banks are tackling those risks, and how mobile banking affects their customers.
For now, though, the FCA has identified a number of areas of possible concern. These will come as no surprise to IT professionals.
First among these is the risk of fraud, and the possibility that fraudulent activity will block consumers' access to their accounts. But the regulator is also concerned about security, including malware spread through mobile banking.
Already, banks have had to deal with malware that goes after banking transactions and data in the PC space. It is logical enough to expect fraudsters to go after mobile banking too, especially as relatively few smartphone or tablet users install anti-malware software.
But the FCA also identified three other risks: that mobile payments could be used for money laundering, that consumers might be less well informed about how to use mobile banking applications than either the desktop equivalents or indeed, branch-based services, and what it describes as the "technology risk".
This, along with fraud, may be the greatest risk of all. The FCA has identified "interruption to services" through system or IT failures as potentially locking customers out of their accounts.
This risk is not specific to mobile services. In fact, there have not, so far, been documented outages of mobile banking services in the UK, but there have been several cases where banks have lost access to core systems, including payment card readers and cash machines, over the last couple of years.
These failures have mostly been brief, although some have lasted for a number of days, but they have certainly been inconvenient. With any new service, teething problems are to be expected, but the fact that several large banks have suffered IT failures on systems that have been around for years is a warning sign.
The FCA is right to put banks on notice that their mobile services need to be both secure and reliable. The challenge for IT is making sure that they are.
Stephen Pritchard is a contributing editor.
The essential guide to cloud-based backup and disaster recovery
Support business continuity by building a holistic emergency planDownload now
Trends in modern data protection
A comprehensive view of the data protection landscapeDownload now
How do vulnerabilities get into software?
90% of security incidents result from exploits against defects in softwareDownload now
Delivering the future of work - now
The CIO’s guide to building the unified digital workspace for today’s hybrid and multi-cloud strategies.Download now