Secure Mobile Application Development: Making the Business Case for App Shielding

OneSpan Team,

In the increasingly crowded and competitive financial services market, financial institutions (FIs) are prioritizing mobile app development and the mobile user experience in order to maximize customer acquisition and retention. So why does it seem that secure mobile application development isn’t receiving the same amount of attention?

Cybercriminals and hackers are doubling down on their efforts to attack mobile users by exploiting security vulnerabilities in mobile devices and apps, with a particular focus on mobile banking. Hackers are tampering with mobile apps using loopholes to stage man-in-the-middle (or person-in-the-middle) and other attacks to steal sensitive information on the backend. At the same time, consumers and business users are increasing their use of mobile services. According to Juniper Research, there are as many as 2 billion people (50% of the entire global banking population) using their mobile device for banking services. And we know that is not limited to bank apps; users have more choices for mobile financial services than ever, due to continued innovation and new competitors in the mobile financial services space. End users have more sensitive information and sensitive data on their phone than ever before, and as a result, we must devote more attention to malware and application security.

As financial institutions confront these two trends, we are seeing DevSecOps take on the role of promoting secure mobile application development – especially when it comes to empowering banking apps to protect themselves through mobile app shielding. Mobile app shielding hardens a mobile app against attacks in hostile environments, such as compromised user's devices, and automates real-time interception of malicious actions targeting a mobile app.

But, the value of app shielding extends beyond mitigating mobile threats and malicious code on the client-side. To successfully make the business case, it’s important to be able to explain to the business how app shielding can also increase trust, improve the customer experience, and positively impact revenue growth, revenue retention, cost reduction, and cost avoidance. In this blog, we'll make the case that app shielding should be counted among your mobile app security best practices.

Mobile App Shielding
White Paper

Mobile App Shielding: How to Reduce Fraud, Save Money, and Protect Revenue

Learn how app shielding with runtime-protection is key to developing a secure, resilient mobile banking app.

Download Now

Mobile App Shielding and Secure Mobile Application Development Helps FIs Grow and Retain Revenue

To cement competitive advantage in the mobile channel, banks and other financial services providers have smaller and smaller windows to bring new mobile innovations to market. While they need to move fast, taking shortcuts when it comes to cryptography, security testing, and other forms of validation and mobile security only puts the business at risk, creating a bigger problem in the future.

Research suggests that mobile users who trust their financial institution to protect their personal, account, and payments information are more engaged and transact more in the mobile channel. App shielding, along with a comprehensive mobile app security program, greatly reduces mobile app security risks, which in turn increases trust in a bank.

For example, a Javelin survey of 300 financial institutions in France, Germany, the U.S., and the U.K. found that FIs whose customers trust the security of their digital offerings reported higher monthly usage of their online portals (8% higher) and mobile apps (5% higher). Having more engaged customers in turn leads to more revenue – in some cases, 72% more than branch-only customers.

In terms of retaining customers (and thereby revenue), cybersecurity concerns and security issues remain at the top of the list when people look for or consider switching to a new financial services provider. A study by Carnegie Mellon University researchers has shown that banking customers are more likely to end their relationship with a financial institution six months after an incident of unauthorized fraud occurs on their account.

While that conclusion seems self-evident, a common refrain is that consumers are becoming desensitized to security incidents. However, research suggests otherwise when it comes to financial services. Ponemon Institute’s annual Cost of a Data Breach study shows that of 17 industry sectors FIs that suffer a security breach see a higher customer churn rate in the aftermath of a breach. This is second only to healthcare. The security measures that your organization takes has an impact on your customer loyalty, and addressing potential security threats has become an essential part of customer service.

Mobile App Shielding and Secure Mobile Application Development: Increasing Efficiency of Development and Security Teams

Regardless of how many mobile developers or security professionals you currently have on staff, there’s a good chance you wish you had more. In a Salesforce survey of 2,200 IT leaders around the world, 48% reported experiencing a mobile development skills shortage, and 47% reported a security skills shortage. With so many organizations operating short-handed, security deficiencies are only exacerbated by pressures to launch new features more quickly.

According to the 2018 DevSecOps Community Survey, 48% of developers report not having adequate time to spend on security. The same survey revealed that on average developers (mobile and otherwise) outnumber security staff 100 to 1. Security teams are spread thin in general and especially so when it comes to mobile app security expertise, which is less common than other disciplines.

Is it really any wonder then that 85% of 45,000 publicly available Android apps and Apple iOS apps available on the app stores were found vulnerable to one of OWASP’s Top 10 Mobile Risks? There does not seem to be enough time in the day for developers and security teams to ensure secure mobile application development.

Any tools that can help save time for these teams will have a serious effect on the bottom line.

Tools might include mobile SDKs that drastically reduce the effort in integrating security and authentication capabilities into the mobile app source code. Automated testing throughout the software development lifecycle can catch security bugs earlier in the process when they are less expensive to fix and save the security team time for more in-depth penetration testing.

Finally, app shielding technology takes only minutes to deploy, does not require deep development expertise, and proactively defends the mobile app, app data, and user data. This advanced protection safeguards against the latest mobile banking Trojans, reverse-engineering techniques, and more – going far beyond what the majority of organizations are capable of building internally.

Promoting Mobile Application Security During Development Today

Failing to invest appropriately in mobile app security during the development process creates a debt that must be paid in the future. To prevent this, savvy organizations are taking action now and applying mobile app shielding to their mobile apps. Using mobile app shielding with runtime protection, financial institutions are able to reduce fraud while also realizing efficiency in their IT security and development teams, thereby releasing protected and secure mobile apps without adversely affecting development schedules.

For more data points supporting the business case for app shielding, read Mobile App Shielding: How to Reduce Fraud, Save Money, and Protect Revenue.

 

The OneSpan Team is dedicated to delivering the best content to help you secure tomorrow's potential. From blogs to white papers, ebooks, webinars, and more, our content will help you make informed decisions related to cybersecurity and digital agreements.