Mobile banking to hit 1 billion users by 2017
As uptake of mobile banking services is predicted to reach 1 billion by 2017, banks are starting to view the mobile channel as an indispensable revenue stream, according to Nitin Bhas, senior analyst at telecoms research firm Juniper Research.
Mobile banking services have been around since the late 1990s, but did not achieve widespread success outside of Japan at that time. Now, however, one-third of UK consumers expect to be using smartphones to do all their banking by 2020, while two-thirds of banks expect everyone to be using mobile banking in some capacity by 2017, according to a report published in September by business technology provider Avanade.
This uptick in consumer confidence has been accompanied by a rise in bank offerings. In March last year, UK bank Barclays launched Pingit, a mobile banking service for sending and receiving money. Downloadable as an app, the free service links the user’s current account with their mobile phone number. This enables payments to be sent directly to that account but without the sender need to know anything more than the recipients’ mobile phone number.
Similar growth is found in other European markets. Italy’s mobile payments industry is already picking up – some 19% of Italians cite mobile as their preferred method of paying for goods and services, according to research by ISPO Ricerche. Users were often young (39% were aged 18-24 years), well-educated (37% had a university degree) and successful (32% were managers and entrepreneurs).
“In developed nations where the banked population is approaching 100%, mBanking is largely additive and bank-led, integrating the physical product with the digital in forming a complete banking package, particularly targeting young banking customers who organise most of their lives through the mobile device,” said Bhas. “This has been reinforced by heightened usage of applications and substantial tablet uptake. Consequently, an ultra-developed reality is beginning to materialise, demonstrated by the launch of a completely branchless bank in Japan.”
Meanwhile, in developing countries such as Kenya, where the mobile payments service M-Pesa has some 18 million users, mobile payments have achieved enormous success in banking customers who do not have a traditional bank account. Such services take advantage of relatively high levels of mobile penetration, versus the lack of conventional banking infrastructure. In November, M-Pesa partnered with ICICI Bank to launch in India. Although mobile banking was not new in the country – it began in 2002 with SMS banking – the arrival of the M-Pesa brand was a signal of the potential international providers see in the service. Mobile phones had achieved a 74.2% market penetration in India by September 2012, a figure equivalent to 937 million handsets, according to statistics provided by WCIS World Cellular Information Service.
However, several recent incidents involving financial crimes perpetrated using mobile banking technology have threatened to undermine confidence in the industry. In November 2012, the so-called ‘Eurograbber’ attack used malware to target the PCs and mobile handsets of users, carrying out automatic transfers that varied from €500 to €250,000, according to research by security vendors Check Point and Versafe. The malware included a bot attack known as the Zeus Trojan or Zitmo, which infected computers and mobile devices and enabled the hackers to intercept and steal the SMS messages sent by banks to their customers.
With the stolen transaction authentication numbers obtained by SMS, the criminals could then use the code to withdraw funds from their victims’ accounts. UK bank NatWest suffered a similar problem in September. In the case of NatWest, criminals stole money from customer accounts using ‘Get cash’, a feature of the bank’s mobile app. Get cash worked by letting customers use a passcode created by their online account to withdraw cash via mobile. Although NatWest subsequently withdrew the facility, financial crime and technology specialist NICE Actimize suggested at the time that the hackers likely used phishing emails to extract the code – meaning that withdrawing the app did nothing to solve the underlying problem.
According to Bhas, security companies themselves will need to counter these threats by ensuring that their fraud identification systems transition seamlessly from the online to mobile channels to enable to them track activity such as fake alerts and fake request for account information. App stores should also undertake tougher monitoring and enhanced authority over new app developments so as to respond efficiently to deployments of malicious applications, he suggests.
“Banks need to convince consumers that mobile device security is of the same grade as online security, if not better,” he said.
Fortunately for the consumer, mobile devices often contain technologies such as GPS that track the user’s location, front-facing cameras that can be used for face-recognition, and other biometric tools such as voice recognition technology and in some cases fingerprint technology. In December, Ben Knieff, head of fraud at financial crime and technology specialist NICE Actimize told Banking Technology that mobile banking could eventually become safer than online banking.
“While consumers didn’t like biometrics 10 or even five years ago, rising usage of the technology on sites like Facebook has made it more acceptable,” he said. “Consumer sentiment is changing, and I believe there could actually be an opportunity to use some of these technologies to make mobile banking even safer than internet banking is today.”
The concept of a new kind of payments technology infrastructure is also being supported by defence and security technology provider Thales e-Security. In a recent paper, the firm suggested that established payment firms such as PayPal, Google, Apple and start-up firms such as Square will not necessarily use the phone itself as a security layer – instead they will opt for cloud security.
According to Thales e-Security, the advantages of a cloud-oriented approach are that the user credentials are stored remotely, so less likely to be lost; fees will be more tailored to the consumer; and clearing will be carried out using fast non-card clearing services such as the Automated Clearing House in the US.
“As an industry we have been talking about the arrival of mobile payments for almost a decade now,” said Ian Hermon, mobile payment security specialist at Thales e-Security. “Even though we have seen big players, such as Starbucks in the retail market, invest in mobile payment platforms, we are still a long way off from having one universally accepted model. Whether the industry moves to place its trust in the handset or in the cloud, one thing is for certain: TSMs need to be trusted by all ecosystem participants to guarantee the success of the overall mobile NFC infrastructure.”