In a sense, things have never looked brighter for mobile banking. The shining example at the moment is Apple’s announcement of Apple Pay this week, a huge step forward for mobile payments at the point of sale, which has so far largely eluded financial services providers.
But as the world watches to see how Apple Pay will actually perform in the wild, two notes of caution were sounded yesterday, one from the CFPB and the other from bank consultancy Aite Group.
More Regulation Coming?
Richard Cordray, director of the CFPB, noted in prepared remarks Thursday that “we need to make sure the legal and regulatory framework can keep up effectively” with the rapid growth in mobile banking usage. The comment period for the bureau’s RFI on mobile banking and financial management ended yesterday, Cordray said, and the comments will now be studied. “We also want to know how technological innovations can offer everyone opportunities for real-time money management,” Cordray said. “And we want to know how financial institutions are using technologies to better serve customers.”
The CFPB is particularly interested in mobile banking’s ability to provide the underserved with better tools for managing their finances.
The American Bankers Association expressed doubts about whether mobile banking would lure the underbanked back to banks from payday lenders and pawn shops in its own 23-page comment. “Mobile banking offers limited but not negligible opportunities to attract the unbanked and underbanked to use bank deposit and credit products,” the ABA argued. “Mobile banking will not eliminate all the reasons people choose not to use bank products and services. Moreover, other factors, including costs, compliance pressures, and practical considerations, will need to be addressed as the role of mobile banking satisfactorily expands access to bank products and services to customers generally.”
The ABA is no doubt wary of new regulations on mobile banking to protect the underserved looking to use it, and given the CFPB’s boldness in other areas, this is a valid concern. That the ABA’s arguments, particularly that mobile banking only provides “marginal” cost savings, are tough to swallow doesn’t bode well for its efforts.
Growing Security Threats
A September 11 report from Aite Group, meanwhile, noted that, while the future is “fairly bright” for mobile, “many tried and true attack methods from the online channel also work reasonably well in the mobile channel,” and that the mobile channel is not yet prepared to meet them. In particular, Aite Group notes that while online threats translate well to mobile, “the security solutions that work online will not be universally applicable to mobile.”
One factor Aite cites in the danger to mobile is that “devices are deemed outdated and only minimally supported one year from release.” This is particularly a problem with Android devices, which are typically not updated by users as regularly as iOS devices. Unpatched mobile devices, while posing a threat in an of themselves — as was seen in the recent attack on JPMorgan Chase and others — are also vulnerable to being pulled into mobile botnets, which operate much like old-fashioned botnets made up of desktop devices.
FIs should employ behavioral analysis to detect anomalous transactions, Aite recommends, and ensure there is embedded security in downloadable apps. White-hat hackers should also be employed to test mobile security, according to the consultancy.
Security concerns can be addressed, given the proper care and attention, but regulations are impossible to control. Well, perhaps not impossible — the ABA is likely lobbying now to keep the CFPB away from mobile.