The shift of payments onto digital channels presents both a challenge and an opportunity for mobile product owners and developers. People expect a flawlessly secure and user-friendly experience when they conduct financial transactions through a mobile app.
Cash may still be the most secure form of money exchange, but only 9% of cyber security pros said they actually prefer to pay with old-fashioned bills, according to a survey from ISACA, a nonprofit cybersecurity group. For accessible financial services anytime, anywhere, mobile customers are making the tradeoff.
An American Bankers Association (ABA) survey found that 21% of consumers have used a mobile app to make a payment, but only 11% actually trust alternative payment providers to protect their money and personal information.
With enhancements being developed faster than ever in the mobile payment industry, here are some tips for keeping your customers’ data secure on mobile and making sure they understand that their digital safety matters to you.
1. Don’t keep data longer than necessary
The main worry for many mobile users is that they can’t control where their data goes. Are they only sharing it with your app, or is it also being shared with third parties? How reliable are those third parties’ data security measures? These are the questions that consumers are starting to consider more seriously.
If you’re storing data on the customer’s mobile device, be sure to protect it properly with encryption, especially if any of the data you keep on the device is the customer’s personal information.
A few years back, white hat hackers uncovered that one of the most popular apps for mobile payment aficionados was storing personal information in clear text that could be easily accessed. Luckily, that problem was fixed swiftly after it was uncovered, but the lesson is a good one for any app creator — store your customers’ data in a secure way.
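As an added example of the two points above (not code from the article or from any app it mentions): an on-device store that keeps customer data encrypted with an authenticated cipher and refuses to hand back records past their retention window. `Vault`, `Seal` and `Open` are names chosen for this example, and the 32-byte key is assumed to come from the platform keystore rather than the app bundle.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"encoding/binary"
	"errors"
	"time"
)

// Vault encrypts customer data kept on the device with AES-256-GCM; the 32-byte key is assumed to come from the platform keystore, never from the app bundle.
type Vault struct{ gcm cipher.AEAD }
func NewVault(key []byte) (*Vault, error) {
	block, err := aes.NewCipher(key) // rejects keys that are not 16, 24 or 32 bytes
	if err != nil {
		return nil, err
	}
	gcm, err := cipher.NewGCM(block)
	if err != nil {
		return nil, err
	}
	return &Vault{gcm: gcm}, nil
}

// Seal emits [8-byte stored-at unix time][nonce][ciphertext+tag]; the time is authenticated as additional data, so it cannot be edited to extend retention.
func (v *Vault) Seal(plain []byte, storedAt time.Time) ([]byte, error) {
	hdr := make([]byte, 8+v.gcm.NonceSize())
	binary.BigEndian.PutUint64(hdr, uint64(storedAt.Unix()))
	if _, err := rand.Read(hdr[8:]); err != nil { // fresh random nonce per record
		return nil, err
	}
	return v.gcm.Seal(hdr, hdr[8:], plain, hdr[:8]), nil
}

// Open authenticates and decrypts a blob, then refuses data older than maxAge so the caller deletes it instead of reusing it.
func (v *Vault) Open(blob []byte, now time.Time, maxAge time.Duration) ([]byte, error) {
	n := 8 + v.gcm.NonceSize()
	if len(blob) < n {
		return nil, errors.New("blob too short")
	}
	plain, err := v.gcm.Open(nil, blob[8:n], blob[n:], blob[:8])
	if err != nil {
		return nil, errors.New("authentication failed: blob corrupt or tampered")
	}
	if now.Sub(time.Unix(int64(binary.BigEndian.Uint64(blob[:8])), 0)) > maxAge {
		return nil, errors.New("past retention window: delete it, do not use it")
	}
	return plain, nil
}
```

Anything written in clear text beside the blob, or any edit to the stored-at header, fails authentication rather than being silently trusted.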
2. Have a privacy policy
Making your app secure for financial transactions is just half the battle. Making sure your customers know it’s secure is the other half. You should always include a privacy policy within your app that allows your customers to know how their data is being handled.
PayPal-owned mobile app Venmo has come under pressure in the past for reported security holes, one of which was the basic inability to notify users if their personal data had been compromised.
The free-to-use platform, founded in 2009 as a payment system through text message, has since worked to make “significant” progress in this area and promises to credit money back into a customer’s account if notified within two business days.
“If customers don’t feel like they’re secure they won’t use the application,” said James Wester, a mobile payments analyst at IDC. According to PayPal, Venmo grew person-to-person payments by 213% in 2015—totaling $7.5 billion—which makes up 18% of PayPal’s total person-to-person payment volume.
Being clear about your data security policy is also a requirement of many compliance and risk management certifications.
The Credit.com app includes a privacy policy in its menu that explains what information is collected, how third parties are involved in the use of that data and what customers can control in how that data is used.
The Spendbook app, popular among budget-conscious consumers, requires users to re-input their personal login every time they use it—a feature designed to further prevent the loss of personal financial information.
3. Use strong authentication
A Hong Kong-based center for computer security uncovered a massive issue this fall with a protocol originally designed to handle authorization for third-party websites. The issue lay with OAuth 2.0, a standard that lets users sign in with their Google or Facebook accounts.
The vulnerability gave attackers a way to sign in to an app as a user without that user’s knowledge. In the attempt to make signing up and logging in easier by letting users reuse their existing Google or Facebook accounts, vulnerabilities were created.
Be sure your authentication protocols are strong and reviewed often for implementation flaws.
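As an added example of the kind of implementation flaw this tip warns about (not code from the article or from the research it summarises, and not a claim about which specific flaw was found): a backend that believes the identity the mobile app reports, beside one that confirms the token with the provider and checks it was issued to this app. `TokenInfo`, `loginSecure` and the fake provider are names and stand-ins chosen for this example.

```go
package main

import "errors"

// TokenInfo is what the identity provider's token-info endpoint reports for a token.
type TokenInfo struct {
	Subject  string // the user's id at the provider
	Audience string // the client id the token was issued to
	Valid    bool
}

// Verifier asks the provider about a token; an interface so this runs offline against a constructed fake.
type Verifier interface{ Verify(token string) (TokenInfo, error) }

// LoginRequest is what the mobile app sends our backend after the provider sign-in completes.
type LoginRequest struct {
	Token  string
	UserID string // identity the app claims; the app runs on a device the user controls
}

// loginInsecure is the flawed pattern: the backend believes the user id the
// app sent and never asks the provider, so a modified client can name anyone.
func loginInsecure(req LoginRequest) (string, error) {
	if req.Token == "" {
		return "", errors.New("no token")
	}
	return req.UserID, nil
}

// loginSecure derives identity only from the provider's answer and checks the
// token was issued to this app, not to another app the same user signed into.
func loginSecure(v Verifier, ourClientID string, req LoginRequest) (string, error) {
	info, err := v.Verify(req.Token)
	if err != nil || !info.Valid {
		return "", errors.New("token rejected by provider")
	}
	if info.Audience != ourClientID {
		return "", errors.New("token was issued to another client")
	}
	return info.Subject, nil // req.UserID is never consulted
}

// fakeProvider is a constructed stand-in for a real token-info endpoint.
type fakeProvider map[string]TokenInfo

func (f fakeProvider) Verify(token string) (TokenInfo, error) {
	if info, ok := f[token]; ok {
		return info, nil
	}
	return TokenInfo{}, errors.New("unknown token")
}
```

In production the `Verifier` would call the provider's real token-validation endpoint over TLS; the audience check matters because a valid token issued to a different app must not log the user into yours.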
4. Listen to your customers, even after you’ve launched
Closely monitor your customer feedback and watch for common issues that may point to vulnerabilities. Stay on top of release schedules and new versions of your security libraries so you can make updates early and often.
Update your privacy policy regularly and revise your data-handling protocols as you bring on new third-party vendors. It’s important for your customers to stay up to date on what’s changing within their set of finance apps.
In conclusion
The average data breach cost $4 million in 2016, according to the most recent IBM Cost of Data Breach Study. That’s a big price to pay when compared to the cost of maintaining your vigilance and updating your security standards after the launch.
Fintech’s fast pace pushes developers to be as proactive as possible in their efforts to meet evolving security demands. If your mobile fintech app is making you money, investing a small portion of that into upkeep is absolutely necessary.