The safest way to pay

June 2019 Security Services & Risk Management, Financial (Industry)

In the ‘old days’ – the days of magnetic stripe cards – a cardholder proved that they were the rightful owner of a card with a handwritten signature at the point of sale. Then came the chip cards, where a PIN number was used for authentication in a card-present context.

Gerhard Oosthuizen
Gerhard Oosthuizen

In card-not-present situations like online shopping, however, it is much harder to validate a customer’s identity, because they only have to input strings of numbers. To prove that a shopper is the rightful cardholder, another authentication method is required, which often adds friction and frustration to a customer’s online-shopping experience.

But the widespread adoption and computing power of the mobile phone means that a solution might be on hand. Ticking the boxes of security and convenience, the mobile banking app has the potential to become the payment tool of choice.

The rise of the mobile banking app

The use of mobile banking apps has taken time to gather momentum in some markets. A reason often cited is the fear of fraud and identity theft. This is understandable when considering that securing a banking app with a username and password only goes so far in proving that a user is the legitimate banking customer – especially in an era where security breaches and attacks like phishing abound.

So how can a bank reassure its customers that having all their banking information literally in the palm of their hand can be as secure as it is convenient? And that paying with their banking app can be more secure than paying with their debit or credit card?

A matter of trust

It all comes down to trust. Establishing a relationship of mutual trust between a bank and a customer is crucial. It creates a secure foundation from which the bank can offer rich and innovative services, while giving customers the confidence to engage with these services without security concerns. The mobile phone makes all of this possible by means of three key pillars: identity, integrity, and communication.

The first step in establishing a foundation of trust is the notion of identity. Digital certificate technology makes it possible to uniquely identify any registered customer’s mobile phone as well as the banking app that was originally registered on the phone. This means the bank can be certain that they’re communicating with the right person.

Secondly, the bank needs to be sure that neither the customer’s mobile phone nor the messages being sent between the device and the bank have been tampered with. In other words, the integrity of the device, the app itself, as well as the environment in which the app is running, must be proven.

Finally, the bank and the customer need to know that communication is secure and private. This can be achieved through technology that establishes an encrypted communication channel between the bank and the customer’s banking app. Since this is a separate, secure channel, no fraudster can intercept sensitive messages meant for the customer – like authentication requests and responses.

As safe as the banking app

At Entersekt, we believe that with trust as foundation, mobile banking apps can become much more than tools for checking balances. They can become enablers of new forms of banking and commerce that will not only transform the banking industry but will also revolutionise customers’ lives.

Modern technology, such as cloud and mobile technologies, has given banks the opportunity to completely redefine the banking experience for their customers and re-establish personal relationships. Doing so turns the mobile phone into an extremely valuable commodity for customers – a passport to all types of digital experiences without the hassle of unnecessary authentication requirements. A range of banking and payments capabilities can be made available 24/7, from anywhere in the world, in the palm of the customer’s hand. More than that, when a bank has a foundation of trust in place, its app can also be the safest way for customers to transact.

For more information, visit

Share this article:
Share via emailShare via LinkedInPrint this page

Further reading:

Social media and intelligence-led surveillance
July 2019, Leaderware , Editor's Choice, Integrated Solutions, Security Services & Risk Management
Social media has become a major feature of most people’s lives in the last few years and they can be invaluable as a source of information for companies and security organisations.

The 4th Industrial Revolution
July 2019, Wolfpack Information Risk , Editor's Choice, Cyber Security, Security Services & Risk Management, Industrial (Industry)
Most major industries have turned to and are reliant on technology to run their operations. This is a time of great promise, but also one of frightening peril.

Fake videos not threat to courtroom evidence
July 2019 , Security Services & Risk Management
The Washington Post recently reported top AI researchers are “racing to defuse an extraordinary political weapon: computer-generated fake videos that could undermine candidates and mislead voters".

Fear of the unknown
July 2019, Kaspersky Lab , Cyber Security, Security Services & Risk Management
Fear of the unknown: while there’s still interest in cryptocurrencies, just 19% locally understand how they work.

Leveraging on Africa
July 2019, Managed Integrity Evaluation , Security Services & Risk Management
The purpose of cross-border expansion is to not only ensure sustainable growth and business viability, but also the ability to mitigate growing market risk and uncertainties across the globe.

Assess business resilience in terms of value
July 2019, ContinuitySA , Security Services & Risk Management
Looking at the total value of the investment (VOI) is a far better way of assessing the worth of an in-vestment with many intangible benefits.

Social media and background checks
July 2019, Managed Integrity Evaluation , Security Services & Risk Management
Social media screening and online checks can provide many benefits to a hiring employer; however, such screening should not be carried out in isolation.

Johnson Controls launches Technology Contracting in Africa
July 2019, Johnson Controls , Editor's Choice, News, Security Services & Risk Management
To address the growing challenge of planning, integrating and maintaining a multitude of different, highly connected systems, Johnson Controls is launching Technology Contracting in Africa.

A new method for data destruction
July 2019 , News, Security Services & Risk Management
Xperien is now able to professionally erase data on retired IT assets in compliance with the Protection of Personal Information Act (PoPIA).

Automated contraband detection
July 2019 , Security Services & Risk Management, Transport (Industry)
Today’s X-ray screening solutions have been updated with auto-detection capabilities that will raise an alert if a weapon or even small quantities of explosives and toxic materials are detected.