Bangerter, vice president of e-commerce and Internet services for UW Credit Union in Madison, Wis., says many U.S. banking institutions have too quickly jumped onto the mobile-application bandwagon. Apps pose risks for users, and unforeseen authentication challenges for the institutions that offer them, he says in an interview with Information Security Media Group.
"If there are security issues in your app and you have to issue an update and require people to update their app, that creates a security issue," Bangerter says. That means banking institutions have to rely on app developers to issue updates - a process that can take several days to weeks - and then hope all of their mobile users update their devices, he says.
If mobile banking users don't update the mobile apps on their devices when updates are issued - and if those devices also store unencrypted account or personal information on the device or in the app - the security risk magnifies, Bangerter adds.
"And the new requirements from the FFIEC for multifactor authentication mean you have to build all of that into your application," he says.
Innovations in mobile Web browsers are quickly replacing the need for mobile apps, he says. UW Credit Union, which has 36,000 mobile-banking users, is using a home-grown Web-based platform.
"Apps take time to be updated," Bangerter says. "That's not acceptable for us. We like to move quickly. ... There are no new risks posed by our Web-based mobile banking."
During this interview, Bangerter discusses:
- The compliance challenges mobile apps pose, from an authentication perspective;
- Why new innovations in mobile-based Web browsing have negated the need for mobile apps;
- How building mobile platforms in-house can provide more agility and strengthened security.
Bangerter has been with UW Credit Union for 11 years, first serving as the credit union's director of Internet services. His current responsibilities include online and e-commerce strategy, implementation of new online services and features, and managing a team of in-house developers.