Bob enjoys watching his local minor league baseball team. At a recent game, he watched the boys of summer play their arch rival. In the bottom of the 5th, with two men on, two men out, the team’s best hitter steps to the plate. Bob planned to head to the concessions for hot dogs and beer after the inning, so he took out his phone and logged into his mobile banking app. He needed to have enough on his debit card to cover his snacks.
Suddenly, the crack of the bat and a blast across the fence scored three runs! Bob set his phone down to stand and cheer his team. After the excitement, he looked around and discovered his phone was gone!
Now a bad guy has complete access to his bank accounts.
Consider, what could a thief do with a stolen phone logged into your mobile banking app? Transfer funds out to another bank, set up a bill pay recipient and empty the account, or cause other problems? How long would it remain logged in? What safeguards protect the account holder and the institution?
Just to check, take out your phone and log in to your mobile banking app and scan the functionality as if you were a hacker. How could a hacker steal money from the account?
A logged in device remains the easiest hack into your systems. And getting a user name and password is not that difficult. The annual Verizon Databreach Investigation Report once again shows "63% of confirmed data breaches involved weak, default or stolen passwords." http://www.verizonenterprise.com/verizon-insights-lab/dbir/
Biometric user verification can significantly enhance the protection of your mobile apps. It offers the two critical features for maximum protection that simple credentials miss: transparency to the user and continuous security.
Superior applications deliver functionality that is invisible and non-intrusive to the end user. Logging in should appear as a single step, with multi-factor protection running in the background giving a fast and secure user experience.
Continuous security verifies the user multiple times during the session ensuring security if even the device falls into the wrong hands. While a user name and password allows access to the app, it can't guarantee the actual user identity. Biometrics can.
Consider biometric user authentication to increase your cyber security. Don't let inferior mobile device security ruin the ball game for you.