Mobile applications are designed to provide important information wherever and whenever it is needed. But to ensure that they are truly helpful, users must maintain a balance between security and convenience. If you are searching for a good mobile application for your financial institution, there are crucial issues that must be considered.
First, financial applications usually use a person's bank account or card number to confirm identity. Such data travels the Internet each time a new transaction or balance is retrieved. There is no reason to send this data over the wire, or worse, to store it on the device. Applications should always use a different key when identifying a user's account.
With each mobile banking app installation and activation, additional precautions must be taken to ensure the user's authenticity. Obviously, an email, phone call or text message should never be used to pass a token to the user. Each web service that permits a user to consume data must validate whether the requesting device is on a known device list, regardless of the credentials presented.
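The two points above, an opaque surrogate key in place of the account number and a known-device check that runs even when credentials are valid, as an added illustration of the server side of such an API (example code, not from the original article; the data, token format and function names are constructed for this example):

```python
import secrets

# Constructed sample state for a bank's API backend (not from any real institution).
# Real account numbers stay server-side; clients only ever see an opaque surrogate key.
ACCOUNTS_BY_SURROGATE = {
    "acct_9f3c1d": {"account_number": "000123456789", "balance": 1250.40},
}
USER_ACCOUNTS = {"alice": {"acct_9f3c1d"}}
# Devices enrolled during app activation, keyed by user; populated by activate_device().
KNOWN_DEVICES = {}
# Short-lived session tokens issued after login, mapped to the user they belong to.
SESSIONS = {"tok_abc": "alice"}


def activate_device(user, device_id):
    """Enroll a device at app activation time (out-of-band verification assumed done)."""
    KNOWN_DEVICES.setdefault(user, set()).add(device_id)


def new_surrogate_key():
    """Mint a random, unguessable account identifier to use instead of the account number."""
    return "acct_" + secrets.token_hex(6)


def get_balance(session_token, device_id, surrogate_key):
    """Return a balance only if the session, the device and the account ownership all check out."""
    user = SESSIONS.get(session_token)
    if user is None:
        return {"error": "unauthenticated"}
    # Device check runs even with valid credentials: a stolen password used from an
    # unregistered device fails here, which is the behaviour the article calls for.
    if device_id not in KNOWN_DEVICES.get(user, set()):
        return {"error": "unknown_device"}
    # Authorization: the surrogate key must belong to this user, not merely exist.
    if surrogate_key not in USER_ACCOUNTS.get(user, set()):
        return {"error": "forbidden"}
    acct = ACCOUNTS_BY_SURROGATE[surrogate_key]
    # Only the surrogate key and balance go over the wire; the account number never does.
    return {"account": surrogate_key, "balance": acct["balance"]}


if __name__ == "__main__":
    activate_device("alice", "dev_7a2b")
    print(get_balance("tok_abc", "dev_7a2b", "acct_9f3c1d"))   # balance returned
    print(get_balance("tok_abc", "dev_stolen", "acct_9f3c1d"))  # {'error': 'unknown_device'}
```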
Passcode access is another important issue. Usually, app users will disable passcode or PIN access to an application if the security password for their device has been enabled. Ensure that your app checks whether users have turned off the security settings on the device. If they have, they must be immediately prompted to re-enable the settings or turn on the app's security features. A user performing fund transfers, peer-to-peer payments, bill payments or RDC has to be revalidated after the action is submitted. This does not slow down the user experience, but confirms that the action has occurred. If the web services detect malicious activity, the app should ask the user an additional question before the action completes.
In terms of text data storage, native apps can quickly show the account balance along with previous transactions. When a user opens the app, the data is refreshed, and the data that was stored before is usually kept in a separate local database. Many developer tools allow raw access to that underlying database, which can be used to search for data whether or not the device has a password. This may expose information such as the account number and the four most recent transactions. Pairing this data with the user's name and phone number linked to the device in the contacts permits an attacker to call the financial institution and ask for a password reset or to move funds.
Finally, data should only be allowed to travel over a secure socket layer (SSL) connection for encryption. The SSL certificate must provide 256-bit encryption. The native app client must use a mechanism that connects to data services without storing passwords and usernames on the device, and without forwarding credentials over the wire with each request.