To genuinely become mobile-first, it’s time for banks to rethink their mobile onboarding process. Here’s how Wultra can help.
While many banks claim to adopt a mobile-first strategy, many often still connect their mobile applications to internet banking during the process of customer activation and onboarding. This may sound harmless enough, so why is it an issue for customer security?
Taking A Trip Down Memory Lane
Think back to 2012 for a moment. This was a time in which internet banking served as a primary onboarding tool. Internet banking was widely considered to be a secure, primary channel, and as a result, it was relied upon to manage most mobile banking applications.
It’s also worth noting that 10 years ago, many early mobile banking projects were still a bit “punk” – that is, not many people knew how to go about building, let alone using them. Many customers remained accustomed to using internet banking on their computers, as it provided a full set of features that allowed them to interact with digital banking to the fullest extent.
Fast forward to 2022: Although it’s a decade later, many banks continue to heavily rely on the use of internet banking as a primary onboarding tool. The big difference is that in today’s digital landscape, it’s becoming increasingly common knowledge that internet banking tools are easy targets for hackers.
Through the use of social engineering and phishing attacks, cybercriminals can efficiently hijack the mobile banking activation and onboarding process through a victim’s internet banking. After pairing the victim’s accounts to the attacker’s devices, cybercriminals can then gain complete control over the victim’s bank account, making it entirely possible to steal both their money and pre-approved loans while leaving behind an audit trail that’s difficult to investigate.
In the Czech Republic alone, the current trends related to internet banking phishing attacks are significant. According to the Czech Banking Association (CBA), there has been a 50% success rate of fraudulent calls in 2022 to date, and the average damage caused as a result of these vishing (i.e. voice phishing) attacks amounts to roughly 10,000 euro per victim.
And importantly, these attacks aren’t going away – on the contrary, they’re becoming increasingly common.
Here’s How Banks Can Protect Their Customers
In response to the current increases in phishing attacks, it’s imperative that banks do what’s necessary to truly become mobile-first. This can be accomplished through looking at their mobile onboarding process through a new lens.
What Should Mobile Onboarding Look Like in 2022?
There are several characteristics of mobile onboarding that’s done right: It should be mobile-only, secure, quick to set up, and passwordless. What’s more, proper mobile onboarding must be phishing resistant, PSD2 compliant, should include strong KYC/AML assurances, and shouldn’t require prerequisites.
Furthermore, financial organizations can ensure better customer verification and prevent financial fraud through the use of mobile personal identification (such as a document scan) and genuine presence check (using server-side facial biometrics).
When it comes to specifics, document scan and facial biometrics solutions should include the following capabilities.
ID Document Scan Requirements
- The fast and reliable recognition
- The high-quality image extraction
- The document authenticity checks
- The support for MRZ reading
- The support for NFC-ready documents
Facial Biometrics Requirements
- Compliance with eIDAS and PSD2 requirements
The reliable statistics (FAR, FRR)
Facial liveness detection
Secure camera data stream
When approaching the task of becoming mobile-first, there are now a number of ready-made components available for banks to build a compliant, user-friendly, and mobile-first onboarding process. At Wultra, we’re glad to assist banks in revamping their mobile onboarding strategies.
Our recent webinar with SME Banking Club explored each of the above topics in detail. If you’d like to learn more, check out the complete presentation or watch the webinar below (the presentation starts at 2:42).
Subscribe to Our Newsletter
To stay in touch with us, simply fill in you e-mail address and never miss a beat.