If they haven’t already done so—or haven’t done so in a while– financial institutions in the United States will need to take a fresh look at the integrity of their mobile banking service platforms after federal regulators released new guidelines on the matter.
The Federal Financial Institutions Examination Council (FFIEC) released a new set of directions detailing how financial institutions should be securing mobile banking transactions. These guidelines are what federal examiners will refer to when it comes time for an inspection, so it is crucial that financial institutions understand what they need to do to comply.
The recommendations made in the new guidance appendix to the FFIEC Examination Handbook include, but are not limited to, educating end users on how to avoid falling victim to fraud, shoring up or replacing aging security controls and deploying multi-factor customer authentication of user logins.
Some of the core recommendations related to strengthening the security of mobile transactions and mitigating fraud risks include:
- Lowering Risk From Compromised Devices – Mobile phones that are rooted, jailbroken or otherwise freed of their operating system controls are increasingly common, and allow the installation of apps from unregulated or unvetted app stores. The FFIEC guidance recommends mitigating the risk associated with compromised mobile devices by employing tools, such as device fingerprinting, in order to determine the integrity of the device and help confirm the authenticity of mobile transactions.
- Robust End-User Authentication – Banks must have a system in place for authenticating mobile financial service users to protect them against fraudulent transactions or malicious activities. Single-factor authentication methods such as passwords and PINs are no longer adequate in securing the mobile channel. The guidelines call on banks to implement a means of rapid notification of potentially fraudulent transactions. It also recommends that institutions consider putting in place biometric authentication technology.
- Mitigating the Risks From Rogue Mobile Apps – Fraudsters can compromise mobile application-based financial services by developing rogue, corrupted or malicious applications (or adding rogue code to applications) that a customer downloads onto their mobile device.Banks should consider the increased operational risk to their mobile platform when these rogue apps are active and mimicking them online, as this can lead to compromised customer devices, account takeovers and a loss of trust in a bank’s brand and reputation.
Easy Solutions Can Help You Comply with the NEW FFIEC Guidance
The solutions that make up our Mobile Application Fraud Protection Suite are in line with FFIEC recommendations, and will help your financial institution follow the mobile banking security guidelines:
- App Protection That Identifies Device Risks in Real Time – Assimilate reinforced self-protection into your mobile app code so that compromised devices can’t affect secure transactions. Our mobile device authentication solution provides detailed analytics about end-user device health, such as whether a device is jailbroken or rooted, connected to an insecure Wi-Fi network or running an emulator. Confirm that apps are running in safe environments, and quickly respond to potential attacks with alerts and repairs.
- Accurate Mobile Customer Authentication – Keep criminals out while giving customers easy access, with reliable authentication contained within your own mobile app. Our push authentication solution only allows registered customer devices to access sensitive data by detecting a ‘fingerprint’ of their unique hardware characteristics. Authentication methods such as push messages, QR codes and facial, voice and fingerprint biometrics give users greater control over the security of their mobile transactions without introducing more friction.
- Rogue App Detection and Takedown – Find and remove the fake applications that are impersonating your brands and tricking your customers. We monitor all the major app marketplaces as well as third-party stores for rogue or malicious apps that infringe on your brand and trademark, removing unauthorized and repackaged apps before customers can fall victim to them.
It’s only a matter of time before banks will face an audit by FFIEC examiners, and this document provides a clear blueprint of what they think financial institutions ought to be doing to secure mobile transactions. Don’t be caught off guard – let Easy Solutions help you comply with the mobile financial services recommendations.
To quickly begin reducing mobile fraud, get in touch with us at firstname.lastname@example.org.