Pie chart showing breakdown of the answers to the survey question: how concerned are you about the potential for credit card information to be intercepted by an unauthorised party? Concerns over
security and privacy are the biggest barriers to the adoption of
mobile banking according to KPMG. Mark Waghorne, head of KPMG’s I-4
Programme, told RBI that security must be at the forefront
of retail banks’ thinking if the mobile channel is to maximise its
potential.

Consumers’ security concerns remain
the biggest hurdle to overcome if mobile banking use is to realise
its fullest potential.

How well do you really know your competitors?

Access the most comprehensive Company Profiles on the market, powered by GlobalData. Save hours of research. Gain competitive edge.

Company Profile – free sample

Thank you!

Your download email will arrive shortly

Not ready to buy yet? Download a free sample

We are confident about the unique quality of our Company Profiles. However, we want you to make the most beneficial decision for your business, so we offer a free sample that you can download by submitting the below form

By GlobalData
Visit our Privacy Policy for more information about our services, how we may use, process and share your personal data, including information of your rights in respect of your personal data and how you can unsubscribe from future marketing communications. Our services are intended for corporate subscribers and you warrant that the email address submitted is your corporate email address.

Almost half (48%) of the
respondents to KPMG’s Consumer and Convergence survey
cited security and privacy concerns as the main reason not to start
using the mobile channel. The survey covered 9,600 consumers in 31
countries, aged 16-65.

This echoes the findings of another
KPMG survey of banking executives – The Evolution of Mobile
Payments
– where 71% respondents said that security was a
leading concern while developing their mobile service.

Waghorne said: “For retail banks,
the security question will have been in the forefront of design
thinking for this new channel from the outset and, once again, a
fundamental factor will have been, ‘the device is untrusted, the
app must be secured’.”

Trust also continues to be a major
challenge for the financial services industry, the KPMG
Consumer and Convergence survey reveals. Though 56% of
respondents did identify their banks as most trusted with their
data, 30% respondents said they would rather put their trust in
secure payment sites such as PayPal.

Security and privacy were the
most-often cited reason for not using mobile banking in KPMG’s 2010
survey.

The 2011 survey indicates consumer
behaviour might also be impacted by device preference. More than
half the respondents that do not use mobile banking said they
prefer to conduct their banking on their computer rather than any
mobile device.

However, the survey findings reveal
consumers may continue to pay their bills and conduct transfers
using their PC, but prefer to use their mobiles for ‘on the go’
transactions.

Over half of the KPMG survey
respondents indicated they used mobile banking services within the
past six months.

However, another challenge to the
adoption of mobile banking is customer experience.

“While people want to do what they
want, when they want, and from wherever they are, ‘strong’
authentication controls such as hardware tokens, do not make
mobility easy.”

“This is exacerbated where banks
have chosen to use the phone to act as the out-of-band,
second-factor verifier. Security professionals will be asking
themselves whether the mobile device in these scenarios remains out
of band, separate from the mobile banking app.

In terms of threats, the ‘mobile
malware industry’ is in its infancy but fast evolving.

According to a study by Financial
Fraud Action UK, online banking fraud in the UK has significantly
dropped – by 36% in 2010, and a further 32% in the first half of
2011. But part of this reduction may be a result of fraud changing
and becoming sophisticated.

Waghorne stressed that security
solutions over the mobile channel are not straightforward. For
retail banks, thought needs to be given to a range of areas,
including reviewing existing control layers and extending
capabilities to cater for mobile and desktop banking.

“User behavioural analysis and
transaction risk engines should be updated to take into account new
mobile user journeys.

“Compromise detection should be
extended to cater for new threats from mobile devices, while for
native mobile apps, retail banks should look to build in the
ability to authenticate their application at launch to ensure it is
not ‘rogue’ or has not been tampered with.”

There are softer measures, such as
updating customer facing security awareness material to reflect the
use of the mobile channels.

“Different limits could be established, as could the ability to
remove parts of the functionality without removing the entire
service. Operational, security and fraud MI reports should be
modified to capture additional data required to underpin decision
making.”