Neobanking refers to a growing wave of 100% digital banks, which are customer-driven by nature and have a special focus on delivering a frictionless money management and payment experience.
Of course, internet security remains a key concern, covering everything from monitoring by the banks themselves to ordinary consumers sensibly using the best antivirus.
Globally, it is estimated that 73% of all consumer interactions with banks are done via digital channels and, in the UK, 13% of consumers have already taken the plunge with Neobanking.
Neobanks challenge incumbents in the financial services industry by relying on technological breakthroughs and constant updates to provide features and services that rival, and often surpass, those offered by the bricks and mortar banks.
And whilst their Android and iPhone banking apps are still not up to par with those offered by traditional banks when it comes to payments, they are quickly catching up. Beyond that, they beat their traditional counterparts in other areas such as money management, customer interaction and account management.
About the author
Pedro Fortuna is the CTO at Jscrambler.
They can also rely on third-party integrations to save time and money, while also keeping the flexibility to iterate according to customer demand. With the bigger focus on user experience, it’s no surprise that neobanks’ satisfaction ratings generally exceed those of the top global banks.
Importantly, however, customers state that ensuring that their transactions are secure remains a number one priority when they choose a bank. Even though Neobanks are usually less risk-averse than traditional banks, they must still address customer security as a priority.
And herein lies a paradox of sorts. As competition between Neobanks rises and in order to overcome the great market share and investment power of incumbents, they turn to rapid, iterative software and mobile app development to quickly release features and surpass customer expectations.
For Neobanks, the attack surface is considerably larger, with the main threats including automated abuse, intellectual property theft, and data exfiltration (namely via web supply chain attacks and banking trojans).
Minimise the attack surface area and build customer trust
The OWASP Mobile Top 10 (which details the 10 biggest application security risks for mobile apps) raises the concerns of code tampering and reverse engineering. For the former, OWASP points out that, “The mobile app must be able to detect at runtime that code has been added or changed (…) The app must be able to react appropriately at runtime to a code integrity violation”; for the latter, the takeaway is quite clear — in order to prevent effective reverse engineering, you must use an obfuscation tool.
Data breaches are another massive concern. Current research shows that consumers tend to trust Neobanks less than traditional banks. For Neobanks, building trust is a long and complicated road, and so the chances of incurring a data breach must be reduced as far as possible. Web supply chain attacks are especially prevalent for Neobanks, as they rely much more on third-party code than traditional banks do.
Whilst a first-party data breach most often requires attackers to infiltrate a database, third-party data breaches originate from attackers going after the enterprise’s smaller, less secure providers, which are the weakest link in the supply chain — hence the term Supply Chain Attack. Web-based Supply Chain Attacks thrive because it’s easy for attackers to find a poorly secured third party that is used by one or several enterprise businesses.
Current security approaches, such as using a Web Application Firewall, CSP, and SRI, still fall short of providing a holistic solution to mitigate web supply chain attacks. A more robust approach is to monitor webpages in real time to detect any malicious changes to the code and block them at their inception.