A new Javelin Strategy & Research report reveals layers of paradox involving mobile banking. The first is that what consumers most fear most should not concern them: security. Turns out that mobile banking is not widespread enough to attract the attention of serious fraudsters. The second is that the industry, since it does not yet face a serious threat is not preparing for what is sure to come. They are not gaining the real-world experience necessary for the time when mobile transactions burst into the mainstream. "It's going to happen at the point where it's not just tech geeks like me" using mobile banking, says Tom Wills, a senior analyst with Javelin Strategy & Research. "When my aunts, uncles and grandparents use it, that's when the crooks go after the money."
In its banking safety scorecard compiled in November, Javelin found that just a fraction of the 30 million potential mobile banking customers have signed up for the service, with 47 percent of non-participants holding back because of security concerns - nearly twice the number who demure due to fees or other costs.
What consumers fear most are threats that, generally, haven't developed or might be easily blocked by inherent safety features in mobile devices. Malware is very rare in mobile apps, but 73 percent of consumers fear hackers will gain remote access to phones. Sixty-eight percent fear that data will be stolen via a wireless signal, although information is encrypted. Fifty-four percent cite worries about their phone being stolen.
Those figures may surprise bankers, who have been sold on cell phones' inherent safety advantages, including real-time alerts and authentication features not available in online banking. "The use of transaction level validation is also an advantage," says Wills.
But perhaps consumers are right to be nervous. While theft is not rampant, banks aren't exactly on the ball. Javelin found that 56 percent of financial institutions surveyed lacked strong authentication for their mobile banking systems - even though all 13 major mobile banking platform vendors in the U.S. market offer an FFIEC compliant authentication tool.
Still more paradoxes surfaced in the research. Among all cell phone owners, 49 percent say they believe downloadable apps are the most secure form of mobile banking, followed by 34 percent who choose mobile browsers and 17 percent who believe that SMS text is the safest.
Once consumers have used mobile browsers and SMS for banking, their belief in the safety of the channel rises dramatically. But mobile application users give the channel a lower safety rating than the population as a whole, with just 29 percent of mobile app users saying it's the most secure.
Wills says the data also show banks can potentially build out mobile security and sell customers on the channel with a combination of customer outreach (educating consumers about identity theft prevention and fraud resolution policies), business practices and technical controls (such as encryption, remote device authentication, and even biometrics).
The technical controls Javelin recommends require universal standards be established by financial institutions, platform vendors, carriers and handset manufacturers in order to raise the perception of the enterprise security framework at the institution. "If customers can eventually authenticate to all of their banking applications in a standard way-similar to the way they use four-digit PINs to access all ATMs - it will simplify their mobile online experience and remove a barrier to market growth," the report states.