Challenger banks are revolutionising the way the banking sector but bring specific security challenges as Ollie Lenthall, Key Account Manager at Jamf, a security software provider, outlines.
How are challenger banks changing the banking sector?
While the traditional banking model predominantly relies on brick-and-mortar operations, challenger banks operate as technology-centric entities. They have embraced state-of-the-art tech stacks which are cloud-native and API-first, enabling them to swiftly adapt and cater to the evolving demands of their customer base.
Challenger banks operate within a disruptive framework, characterised by a commitment to on-the-go financial services. Consequently, the concept of a mobile-first user experience dominates their strategies. This prioritisation ensures that customers are met with seamless and intuitive banking experiences, aligning smoothly with the ubiquity of mobile devices in modern life.
Also, for challenger banks, having an ‘Apple-first’ or ‘Mac-first’ IT approach is common. It attracts tech-savvy talent, especially recent graduates who prefer Mac and iOS devices. For instance, during the pandemic, Starling Bank distributed MacBooks to employees for remote work, ensuring a seamless, secure experience with essential software and robust security. This shift underscores the growing dominance of Apple technology in the finance sector.
Why is the ‘mobile-first’ approach attractive to both customers and employees?
For customers, the mobile-first approach simplifies their banking experience, aligning with the increasing use of mobile devices for various daily activities, from shopping to socialising. It’s a logical step to offer a banking experience that’s as seamless and intuitive as other mobile interactions.
Challenger banks have accomplished this by crafting user-friendly mobile apps enriched with features. These apps are developed on platforms that customers are already familiar with, such as iOS.
For employees, especially the younger demographic, working within a mobile-first or specifically an Apple-centric environment at work feels like a natural progression. The Apple ecosystem offers a sense of familiarity that eases the onboarding process and fosters a more productive work environment. Recent research shows that nearly 90% of Gen Z own an iPhone and 88% wish for it to be their next phone.
Many of these young talents possess expertise in Apple’s programming languages and tools, such as Xcode. They find themselves in an environment where their existing skill set not only remains relevant but is highly prized.
Additionally, the innovative ethos of challenger banks creates a start-up-like culture that many employees find invigorating. There’s a genuine feeling of participating in something groundbreaking, which is a significant source of motivation. This synergy between aligning business technology with both customer expectations and employee preferences serves as a driving force propelling these banks forward.
What security risks do mobile and personal devices in the workplace introduce?
The surge in mobile and personal device usage within the workplace offers enhanced flexibility and convenience but also introduces various security challenges.
One of the biggest challenges is that employees add new devices to the company’s network that the security team might not know. Furthermore, due to the ongoing proliferation of personal devices within the corporate network, the boundaries between personal and business networks are blurred. This might result in creating concealed vulnerabilities that malicious actors could exploit.
Alongside this, challenger banks, which operate predominantly online, face unique challenges. A disruption in their online services can have significant consequences on their operations. This can lead to a poor customer experience and result in financial as well as reputational damage to the bank.
Security on personal devices often falls short of business needs, creating issues with consistent security rules and updates. This exposes them to regulation penalties like GDPR, Payment Card Industry Data Security Standard (PCI DSS) and guidelines set by the Financial Conduct Authority (FCA).
How can organisations effectively communicate and implement the BYOD policy?
Our recent survey shows that 49% of European enterprises lack a formal Bring-Your-Own-Device (BYOD) policy. This means they lack visibility and control over how employees connect personal devices to company resources. The absence of a BYOD policy poses various risks, including data leaks, outdated software, Shadow IT and even physical device loss, endangering critical company data.
Organisations must consider a strategic approach to enrol employees in a BYOD or Mobile Device Management (MDM) programme. They must also address privacy concerns transparently by explaining how data will be handled and security protocols installed on their devices. Additionally, there should be clarity on whether there will be a separation between work and personal apps on their devices.
Users also play a key role in the security solution by following basic management controls and practising good cyber-hygiene. Employees using their own devices must understand the importance of promptly applying operating system and application updates. The BYOD policy should outline the minimum security standards for devices connecting to the corporate network and access should be only granted once these standards are met and maintained.
How can banks enable mobile technology use while maintaining security?
Starting with a Zero Trust model is key to strengthening security without compromising user experience. This model is based on the principle – trust nothing, verify everything. Every transaction, whether from within or outside the network, gets full authentication, authorisation and encryption treatment. This ensures that only verified devices access resources.
Banks can also improve their game by investing in advanced device management solutions. These tools give insights into whether a user’s device is properly protected and encrypted and if the passwords used have any known security issues. They can even spot unusual activities, like sudden data transfers, that might be a red flag for security risks.
But it’s not just about ticking off a checklist of security measures. It’s about creating a full package that combines an effective security stack with employees who have an awareness of security risks. The goal is to weave a tight security fabric so that the whole thing doesn’t fall apart even if one piece gets tugged.