Online Banking Growth: New Security Challenges

Over the course of a few weeks, online banking growth became key in every economy.

Not only are we seeing large-scale branch closures, but fears of “infected” cash are prompting a change in how consumers are paying for goods and services.

Electronic payments look more appealing now as a safer alternative to cash. Against this backdrop and with the general upsurge in consumer digital banking, what are the key security concerns for banks?

Security in Digital Banking

Consumers are turning to digital and mobile banking in a big way. In some countries, their Central Banks are even advocating that consumers do so.

For example, in the UAE, the Central Bank has called on bank customers to take advantage of digital and online banking services as a measure to ensure the health and safety of residents amid the coronavirus pandemic.

This digital banking trend is even extending to payments. In Italy, one of the first countries to order residents to stay home in a bid to prevent the virus from spreading, e-commerce transactions have soared 81% since the end of February, according to estimates by McKinsey & Co.

Amidst all the fear and worry that COVID-19 has generated, industry analysts have pointed out the significant opportunity for incumbents to make a move to digital; they feel that the winds of change in consumer behavior might turn out to be permanent.

The Consumer Banking Side

On the consumer banking side, there will undoubtedly be more adoption of online options from traditional banks, and as people self-quarantine, they will probably avoid bank branches too.

The crisis has definitely provided all the ingredients for a move to digital, where we will witness people moving to utilize all forms of digital financial services. In fact, one recent survey found that 84% of consumers expect banks to find ways to maximize digital interaction to keep them safe.

Major neobanks (direct banks that operate exclusively online without traditional physical branch networks) are expanding rapidly.

Neobanks Growth

This is the case with Revolut, which recently launched in the U.S. market; N26, which is seeking to reach more European customers; and Nubank, which is taking Latin America by storm after quickly surpassing 20 million clients.

And we are already seeing signs across the globe of incumbents accelerating their digital presence and the release of new banking applications. For example, South Africa’s Nedbank is accelerating the rollout of its digital strategy across Africa as customers turn away from face-to-face banking.

However, financial institutions are still faced with new challenges as they prioritize the move to digital. This is certainly the case when implementing infrastructure and procedures to allow for online account opening; many financial institutions are challenged to open new accounts completely online, which is certainly a differentiating feature of fintech, challenger, and neo-banks. But perhaps a much more important challenge comes from keeping customers and their data safe.

Insofar as most digital banking providers rely on fast, agile product development to keep up with consumer demand, they often sacrifice security in lieu of a quicker go-to-market.

We’ve seen an increasing trend of banking applications built with JavaScript, a programming language that has a large ecosystem and the practice of reusing code.

The shift to this new application development strategy requires banks to consider a whole host of new security threats.

Web and Mobile Banking Apps Attack Surface

Web and mobile banking apps have a considerable attack surface, even if we discount code vulnerabilities and security testing tools like SAST and DAST.

In that scenario, where the teams that develop banking apps find and fix every single vulnerability in their JavaScript code, it will still be plain, easy-to-understand code.

In much the same way that we can look at this code and understand how the banking application works, so can any attacker. And because these development teams are relying extensively on third-party code, they also need to be prepared to face web supply chain attacks.

And this is where banks must consider this additional threat and ask themselves, “What would it cost us if someone were to tamper with our code to find ways to exfiltrate our user’s data?”.

At a time when so much is on the line, it is by asking more questions and instigating a holistic approach to security that banks will be able to keep their customers safe amidst this unforeseen acceleration in banking digitalization.

To protect the code of your banking platform with Jscrambler, start your free trial today.