Last updated: 30 June 2014
Mobile is a key part of every bank’s strategy to increase retention of account holders by providing a convenient and secure portal to access services. Mobile banking applications already allow consumers to check balances, transfer money and make deposits while on the go. And many banks are now looking at extending the functionality of mobile banking apps by adding Mobile EMV payments, that use NFC technology. This strategy is a sound one that can help banks build trust and loyalty with their existing customer base while differentiating from competitors to attract new customers.
Banks are in an ideal position for introducing mobile wallets – multiple surveys have shown that consumers trust their banks with their data and favor bank-backed models for mobile wallets over all others. To maintain that trust, banks designing NFC mobile wallets need to make security a key tenet. There are several considerations, but the most important security building block is utilizing the proven security of Mobile EMV.
For example, Mobile EMV utilizing the SE within the mobile device allows banks to securely store wallet applications and payment account details and also securely execute those applications. The process is less complex than it seems; a Trusted Service Manager partner can facilitate relationships with mobile networks, enroll new customers, load information onto SEs in a highly secure manner and help manage the wallet.
Banks should also build additional security features into mobile wallets to increase customers’ confidence in using it regularly, without compromising their ease of use. Some of these include:
- PIN protection. Banks can add PIN protection for another layer of security to the mobile wallet that can prevent access if the mobile device is lost/stolen.
- Remote deactivation of the wallet. Banks should implement procedures where the mobile wallet can be disabled remotely at the customer’s request and/or if the mobile device is lost/stolen.
- Maximum time the wallet can be open. The wallet should automatically lock after being open for a certain amount of time to protect customers should their mobile device fall into the wrong hands. It is important to balance security and convenience with this feature – having the wallet lock automatically after a minute, for example, may be too little time to make a transaction.
- Consumer data storage. Banks should avoid storing any sensitive customer information, especially on cloud-based servers. Storing information in the SE makes this unnecessary, and also makes the bank an unattractive target for hackers.
Lastly, provided the application works reliably, the key to adoption is frequent communication on the benefits and increased security of the mobile channel to conveniently access banking services 24/7.