December 2016 – Staying Secure on the Go

Whether clients are online or using a mobile app, login security remains a major concern. In Corporate Insight’s 2015 Bank Customer Survey, 91% of iPhone users and 89% of Android users stated that security was “very important” or “extremely important” to them. With that in mind, it is essential for firms to implement high security standards for mobile apps, including but not limited to a thorough authentication process and clear communication of best practices for maintaining a safe mobile finance experience.

Client-facing mobile security has a clear focus on the initial login process. In addition to authentication via the traditional username and password combination, firms have rolled out new authentication methods to expedite the login experience. All firms in the Mobile Monitor coverage set allow iOS users to log in using Touch ID, and many also allow Android users to log in via fingerprint authentication. Entering a numeric PIN is another fairly common login option, with seven firms (26%) offering this capability or something similar and one firm offering additional biometric login options including voice and facial verification.

This Mobile Monitor Report considers all these authentication and security tactics, as well as Remember Me options for expedited login, timeout periods, redaction of sensitive information and in-app security-related help content.

Within the authenticated portions of the apps we track, firms often require additional verification measures around self-service functions like changing contact information and security credentials and managing login preferences. Many firms have also recently added security-related self-service functions like locking a debit or credit card and editing an ATM PIN, significant advancements since our last examination of mobile authentication and security in our 2012 Mobile Monitor Report. Twenty-one firms (78%) currently impose extra authentication around this type of functionality. We also encountered some security checks around P2P payments and funds transfers. Four firms (15%) enforce extra security around P2P, while seven (26%) do so around funds transfers.