The safest way to pay

June 2019 Security Services & Risk Management, Financial (Industry)

In the ‘old days’ – the days of magnetic stripe cards – a cardholder proved that they were the rightful owner of a card with a handwritten signature at the point of sale. Then came the chip cards, where a PIN number was used for authentication in a card-present context.

Gerhard Oosthuizen
Gerhard Oosthuizen

In card-not-present situations like online shopping, however, it is much harder to validate a customer’s identity, because they only have to input strings of numbers. To prove that a shopper is the rightful cardholder, another authentication method is required, which often adds friction and frustration to a customer’s online-shopping experience.

But the widespread adoption and computing power of the mobile phone means that a solution might be on hand. Ticking the boxes of security and convenience, the mobile banking app has the potential to become the payment tool of choice.

The rise of the mobile banking app

The use of mobile banking apps has taken time to gather momentum in some markets. A reason often cited is the fear of fraud and identity theft. This is understandable when considering that securing a banking app with a username and password only goes so far in proving that a user is the legitimate banking customer – especially in an era where security breaches and attacks like phishing abound.

So how can a bank reassure its customers that having all their banking information literally in the palm of their hand can be as secure as it is convenient? And that paying with their banking app can be more secure than paying with their debit or credit card?

A matter of trust

It all comes down to trust. Establishing a relationship of mutual trust between a bank and a customer is crucial. It creates a secure foundation from which the bank can offer rich and innovative services, while giving customers the confidence to engage with these services without security concerns. The mobile phone makes all of this possible by means of three key pillars: identity, integrity, and communication.

The first step in establishing a foundation of trust is the notion of identity. Digital certificate technology makes it possible to uniquely identify any registered customer’s mobile phone as well as the banking app that was originally registered on the phone. This means the bank can be certain that they’re communicating with the right person.

Secondly, the bank needs to be sure that neither the customer’s mobile phone nor the messages being sent between the device and the bank have been tampered with. In other words, the integrity of the device, the app itself, as well as the environment in which the app is running, must be proven.

Finally, the bank and the customer need to know that communication is secure and private. This can be achieved through technology that establishes an encrypted communication channel between the bank and the customer’s banking app. Since this is a separate, secure channel, no fraudster can intercept sensitive messages meant for the customer – like authentication requests and responses.

As safe as the banking app

At Entersekt, we believe that with trust as foundation, mobile banking apps can become much more than tools for checking balances. They can become enablers of new forms of banking and commerce that will not only transform the banking industry but will also revolutionise customers’ lives.

Modern technology, such as cloud and mobile technologies, has given banks the opportunity to completely redefine the banking experience for their customers and re-establish personal relationships. Doing so turns the mobile phone into an extremely valuable commodity for customers – a passport to all types of digital experiences without the hassle of unnecessary authentication requirements. A range of banking and payments capabilities can be made available 24/7, from anywhere in the world, in the palm of the customer’s hand. More than that, when a bank has a foundation of trust in place, its app can also be the safest way for customers to transact.

For more information, visit www.entersekt.com





Share this article:
Share via emailShare via LinkedInPrint this page



Further reading:

Stolen credentials on the Dark Web
October 2019 , Cyber Security, Security Services & Risk Management
Over 21 million credentials belonging to Fortune 500 companies, 16 million of which were compromised during the last 12 months, are up for sale.

Read more...
Stolen credentials on the Dark Web
October 2019 , Cyber Security, Security Services & Risk Management
Over 21 million credentials belonging to Fortune 500 companies, 16 million of which were compromised during the last 12 months, are up for sale.

Read more...
Vodacom and SAPS launch MySAPS mobile app
October 2019 , Security Services & Risk Management
Vodacom, in partnership with the South African Police Service, will empower citizens to contribute to their own safety as well as the safety of their communities through the newly launched MySAPS app.

Read more...
Enterprise security must change
October 2019 , Cyber Security, Security Services & Risk Management
The recent wave of cyberattacks against local banks has highlighted the importance of protecting data against malicious users.

Read more...
Drones improve risk management
October 2019 , Security Services & Risk Management
Indwe embraces drone technology to help improve risk management and optimise insurance.

Read more...
Body-worn cameras transforming security
October 2019 , CCTV, Surveillance & Remote Monitoring, Security Services & Risk Management
Police Service Northern Ireland now has over 7 000 officers using 2 500 cameras covering approximately 173 000 incidents each year.

Read more...
Protecting your customers’ data
October 2019 , Training & Education, Security Services & Risk Management
Simon Murrell, head of development and executive director at BrandQuantum says companies need to protect their customers from identity theft and data breaches.

Read more...
From physical security to cybersecurity
Access & Identity Management Handbook 2020, Genetec , Cyber Security, Security Services & Risk Management
Genetec discusses the security-of-security concept as a means to protect cameras, door controllers and other physical security devices and systems against cybercriminal activity.

Read more...
Biometrics in identity
Access & Identity Management Handbook 2020 , Access Control & Identity Management, Security Services & Risk Management
With multiple identity providers offering to manage digital identities for the general public, the root identity – the single sovereign trusted identity upon which all others are based – must start with government.

Read more...
Success lies in planning
November 2019, Vox Telecom , Security Services & Risk Management
A safe and smart city will only be successful if it is planned properly, if there is buy-in from all the stakeholders and if it is managed efficiently.

Read more...