Bank security, identity management remain touch-and-go
March 27, 2014

Financial services firms have been highly aggressive in their pursuit of advanced banking and transaction technology in the past several years, and because data tends to be sensitive in this sector, access controls have been a top priority. From mobile banking applications to more advanced ATMs and other machines, these firms need to ensure that all potential endpoints and systems that will handle financial information are properly secured.

As one of the most common reasons for security breaches continues to be user error or negligence, the trick is to create a set of access controls that are as intuitive as possible, as this will boost engagement and minimize risks. Multi-factor authentication has started to shine through as the most popular and effective way to control access from the ever-expanding variety of devices, applications and networks used to complete transactions. 

App attacks
Several reports have been released in the past few months regarding the relatively horrendous security of applications that are being used on mobile devices, especially those related to banking functions. Now, CNBC reported that iPhones might represent a significant security risk because of unpatched vulnerabilities that are present on a variety of Apple devices, including iPods and iPads.

According to the news provider, roughly 20 percent of the personal finance apps are using the latest version of iOS, and developers have unlocked a flaw that leaves banking information at risk of theft and loss. It is important to note this represents one of the more common reasons why avoidable events occur: the lack of diligence when maintaining operating systems and applications on personal devices. 

Most updates will include patches that defend against discovered security flaws, and in the instance of this specific iOS issue, as much as 80 percent of users might be at risk because they have not upgraded. The source asked Jake Fuentes, the chief executive officer of Level, about the issue, and how he feels Apple and his firm will need to go about correcting the problem before more significant damages become a reality. 

"We are in a situation where we have a fairly widely known and easily exploitable security vulnerability," he told CNBC. "We don't know how much of it is being accessed, but data like your contact information, banking passwords and a lot of other things that people thought was safe, isn't."

Do not phone in access controls
Pedro Pavon, writing for Lexology, recently explained some of the characteristics of commercially reasonable bank security frameworks, which has become an important matter for banks in the United States after a landmark decision in the battle between People's United Bank and Patco Construction. A court ruled that the bank had commercially unreasonable structures in place, and awarded restitution to Patco. 

However, this goes back to the argument of Payment Card Industry Data Security Standards, in that banks should not do the bare minimum and simply hope for the best. Instead, using more advanced authentication solutions and going above and beyond the call of duty when it comes to commercially reasonable frameworks will be a far more effective approach.