MARKET INSIGHTS

BANKING SECURITY

It’s Time to Rethink Mobile Onboarding

October 27, 2022
Hands holding a mobile phone with online banking app visible, blurry background

To genuinely become mobile-first, it’s time for banks to rethink their mobile onboarding process. Here’s how Wultra can help.

While many banks claim to adopt a mobile-first strategy, many often still connect their mobile applications to internet banking during the process of customer activation and onboarding. This may sound harmless enough, so why is it an issue for customer security?

Text with a quote about a mobile onboarding strategy, Wultra logo

Taking A Trip Down Memory Lane

Think back to 2012 for a moment. This was a time in which internet banking served as a primary onboarding tool. Internet banking was widely considered to be a secure, primary channel, and as a result, it was relied upon to manage most mobile banking applications.

It’s also worth noting that 10 years ago, many early mobile banking projects were still a bit “punk” – that is, not many people knew how to go about building, let alone using them. Many customers remained accustomed to using internet banking on their computers, as it provided a full set of features that allowed them to interact with digital banking to the fullest extent.

Fast forward to 2022: Although it’s a decade later, many banks continue to heavily rely on the use of internet banking as a primary onboarding tool. The big difference is that in today’s digital landscape, it’s becoming increasingly common knowledge that internet banking tools are easy targets for hackers.

Through the use of social engineering and phishing attacks, cybercriminals can efficiently hijack the mobile banking activation and onboarding process through a victim’s internet banking. After pairing the victim’s accounts to the attacker’s devices, cybercriminals can then gain complete control over the victim’s bank account, making it entirely possible to steal both their money and pre-approved loans while leaving behind an audit trail that’s difficult to investigate.

In the Czech Republic alone, the current trends related to internet banking phishing attacks are significant. According to the Czech Banking Association (CBA), there has been a 50% success rate of fraudulent calls in 2022 to date, and the average damage caused as a result of these vishing (i.e. voice phishing) attacks amounts to roughly 10,000 euro per victim.

And importantly, these attacks aren’t going away – on the contrary, they’re becoming increasingly common.

Chart with number of attacks growing from 2020 to 2022

Here’s How Banks Can Protect Their Customers

In response to the current increases in phishing attacks, it’s imperative that banks do what’s necessary to truly become mobile-first. This can be accomplished through looking at their mobile onboarding process through a new lens.

What Should Mobile Onboarding Look Like in 2022?

There are several characteristics of mobile onboarding that’s done right: It should be mobile-only, secure, quick to set up, and passwordless. What’s more, proper mobile onboarding must be phishing resistant, PSD2 compliant, should include strong KYC/AML assurances, and shouldn’t require prerequisites.

User onboarding and authentication flow shown with mobile devices

Furthermore, financial organizations can ensure better customer verification and prevent financial fraud through the use of mobile personal identification (such as a document scan) and genuine presence check (using server-side facial biometrics).

Icons of an ID, human face and a speech bubble, dark background

When it comes to specifics, document scan and facial biometrics solutions should include the following capabilities.

ID Document Scan Requirements

  • The fast and reliable recognition
  • The high-quality image extraction
  • The document authenticity checks
  • The support for MRZ reading
  • The support for NFC-ready documents

Facial Biometrics Requirements

  • Compliance with eIDAS and PSD2 requirements
  • The reliable statistics (FAR, FRR)
  • Facial liveness detection
  • Deepfake detection
  • Secure camera data stream
Animated facial recognition software on a screen of a mobile phone, white background
Advanced facial authentication with a genuine presence check in Wultra’s Mobile-First Authentication.

Key Takeaways

When approaching the task of becoming mobile-first, there are now a number of ready-made components available for banks to build a compliant, user-friendly, and mobile-first onboarding process. At Wultra, we’re glad to assist banks in revamping their mobile onboarding strategies.

Our recent webinar with SME Banking Club explored each of the above topics in detail. If you’d like to learn more, check out the complete presentation or watch the webinar below (the presentation starts at 2:42).

Related articles

CONTACT US

get in touch

Consider partnering with Wultra to meet compliance standards, deliver a secure and seamless user experience, and deliver additional value to your customers while improving your bottom line.

Ondřej kupka
ACCOUNT EXECUTIVE
ondrej.kupka@wultra.com
Picture of Account Executive Ondrej Kupka
Thank you! Your submission has been received!
Oops! Something went wrong while submitting the form.