Stronger Mobile Application Security Is the Key to Revenue Growth

Will LaSala,

Fraudsters, hackers and cybercriminals are targeting the mobile channel more aggressively today than ever before. The vast majority of Americans now own smartphones (81%), and they are using the devices more and more often for financial transactions, from banking to shopping to peer-to-peer payments. Analysts estimate more than 2 billion people around the globe use digital devices such as smartphones, tablets, PCs and smartwatches for banking services, and nearly one-third of Americans use their mobile banking app the most, behind apps for social media (55%) and the weather (33%).

And it’s not just the financial services industry experiencing rapid growth in the mobile channel. From retail to hospitality to travel and tourism, consumers are exchanging huge sums of money through mobile applications. In 2018, consumers spent more than $100 billion on app store downloads, in-app purchases and subscriptions.

Unfortunately, criminals always go where the money is, which is why they are increasingly turning their attention to the mobile channel. In 2018, mobile malware attacks and mobile account takeovers nearly doubled.

As discussed on Forbes, it doesn’t help matters that many consumers wrongly believe that all apps they download are secure. Not only is it not true that apps downloaded from third-party stores are safe and secure, but even apps available on the official Apple and Google Play stores can also be malicious. Though the official app stores do filter out a large percentage of malware, they are not perfect. Assuming that all available apps are safe causes otherwise security-conscious consumers to lower their defenses and potentially compromise their own mobile devices.

When businesses’ mobile applications are vulnerable or consumers have their devices and personal information compromised due to mobile device or application security weaknesses, the consequences can be devastating to the business and consumer alike. Consumers can become victims of identity theft and other forms of fraud, and businesses suffer damage to their brand reputation and may face regulatory fines.

The good news, however, is that a security incident involving a mobile device or app can be avoided altogether by implementing mobile application security technologies and best practices.

How to Strengthen Mobile Application Security

Fortunately, businesses can take some simple steps to reduce the risk of fraud, malware, account takeover and other types of attacks in the mobile channel, better protecting both themselves and their customers. Organizations and the mobile developers creating their apps must begin implementing a complete mobile application security program.

Traditionally, this would consist of building security into design requirements, providing secure code training and resources to developers, performing regular security testing throughout the development life cycle, and periodically conducting penetration testing. But today, with the surge in attacks on mobile devices, these methods are not enough. Businesses and mobile application developers must begin applying client-side security measures, such as mobile application shielding technologies.

Mobile application shielding refers to a collection of technologies integrated into the mobile app’s code to protect it against malicious activity and safeguard sensitive information from cybercriminals, protecting both consumers and the organization. Even if the user’s device becomes infected with malware, app shielding will detect it and prevent the malicious code from running. It enables mobile applications to protect themselves even in untrusted device environments, such as compromised, infected or jailbroken phones.

In addition to mobile application shielding, businesses must also focus on natively integrating multi factor authentication into their apps. Tools like facial recognition, voice recognition, fingerprint readers and even behavioral biometrics are becoming more commonly used in mobile banking apps and in other vertical industries to strengthen security in the mobile channel and help prevent mobile account takeover. These authentication technologies should be used in a layered approach, so as not to negatively impact the customer experience.

Don’t Put Mobile App Security on the Backburner

As explained on Forbes.com, many organizations may trust that the Android or iOS operating systems alone will protect them. However, neither of these operating systems will ever be 100% secure, so additional measures must be taken to ensure the security of mobile apps.

Additionally, many businesses today still do not allocate a specific budget for securing their mobile apps, and developers sometimes view security as another barrier to conquer when it comes to the demand for more features and faster time to market. But when done right, stronger mobile application security can actually be a business benefit, driving revenue growth and customer retention and protecting against today’s threats and future ones.

Without adequate security, there are some functionalities and services that businesses simply won’t provide to their customers through the mobile channel because they are deemed too risky, and the potential for fraud or abuse is too high. By securing the mobile app and ensuring that it can protect itself from zero-day vulnerabilities and other targeted attacks, even on untrusted devices, businesses can have the confidence to open up new services and offerings through the mobile channel, creating new revenue streams that they otherwise would not have.

Mobile App Security Supports the Bottom Line

Developing a successful mobile application is no easy task for an organization, no matter what industry you’re in. Here are five simple steps to build a successful mobile app security program:

  • Educate developers about secure coding on a regular basis.
  • Include security in the product requirements.
  • Integrate frequent, automated security testing earlier in the development life cycle when vulnerabilities are easier and less expensive to fix.
  • Conduct periodic penetration testing on the mobile app.
  • Strengthen the app with additional protection in untrusted environments with in-app protection and app shielding technology.

There are pressures from all sides of the business to get the application built, tested and published as quickly as possible. However, in the rush to market, security cannot be overlooked. If the consumer’s device is compromised, the application is at risk, and your business’s brand reputation may be damaged.

With proper security measures in place, including application shielding and layers of natively integrated multifactor authentication, businesses can not only defend their mobile apps against attacks, but also protect their customers, simplify the customer experience and grow revenue.

Mobile App Shielding
White Paper

Mobile App Shielding: How to Reduce Fraud, Save Money, and Protect Revenue

Discover how app shielding with runtime-protection is key to developing a secure, resilient mobile banking app.

Download Now

This article was originally published on Forbes.com on January 8, 2020.

 

 

 

 

 

Will LaSala is the Director of Security Solutions at OneSpan.  He joined the company in 2001 and brings over 25 years of software and cybersecurity experience. Since joining OneSpan, Will has been involved in all aspects of product implementation and market direction within financial institutions.