
How to build secure banking apps and digital wallets

Thinkers always win, don't they? Industry leaders who think strategically and plan are more likely to achieve their goals. A product that meets user expectations and keeps users' assets and sensitive information safe is destined for success. Would you like to be the creator of an optimal solution that wins the market and the hearts of your users? If so, I didn't waste my time writing this piece!

Why care about security? Wallets with enhanced security are usually more complicated and not that easy to use, thus not popular among users. At the same time, customers are not likely to entrust their funds to a compromised wallet. The next logical question is: What happens to wallets and banking apps that do not build their product on security as their cornerstone? 

Here are a few security failures that illustrate the consequences of costly mistakes: 

  • The Atomic Wallet exploit affected users of various blockchain networks, resulting in $100 million in damage.

  • The Mt Gox incident led to bankruptcy, the CEO's arrest, 7+ years of lawsuits and the loss of 850,000 Bitcoins.

  • Prime Trust went bankrupt with over $76 million in damage, including $38.9 million trapped in the wallet the company lost access to.

These numbers are already pretty impressive and provide good food for thought. To amplify the effect, let’s refer to an incident with a banking app. The PayID data breach affected 92,000 customers. Their full names, PayID nicknames, mobile numbers, BSB and account numbers were compromised. A hint: When analysing security incidents, focus on the failure causes you would like to avoid. All four incidents mentioned have one thing in common: Security was not a top priority in the design stage. 

When we talk about balancing convenience and security in wallet design, we should remember that customers and experts have different perceptions of security risk. Even if a product is very safe and reliable, users may still migrate to other apps if the security measures make it inconvenient to use. To reduce potential outrage and balance convenience with security, consider the following steps:

  • Be transparent about security measures and communicate them clearly to users.

  • Make your product easy to use and avoid dark UX patterns.

  • Adapt security controls to user behaviour. Do not forget to test them thoroughly.

  • Use compensating security controls to avoid sacrificing usability.

  • Provide user support and education about best security practices.

  • Protect the whole ecosystem by carefully vetting third-party modules and apps.

  • Engage security experts.

  • Cooperate with experienced companies to perform quality security assessments of your product.

If you want to create a resilient banking app or e-wallet that is less susceptible to security breaches, data leaks, cyber threats etc., my advice is to adopt the security-by-design approach. This is how you can create a final product that is secure from the ground up. On top of the benefits already mentioned, this approach brings improved security posture, reduced security cost and, finally, customer trust and retention. Sounds good, huh?

To cut a long story short, understanding the trade-offs between security and usability is a complex task that requires skills and knowledge. This is also true for building an optimal market solution. Understanding your limitations and vulnerabilities, making security the cornerstone of your product, and engaging with the appropriate professionals for collaborative efforts is the answer.  


Pavlo Farb


Security Engineer

Cossack Labs


This post is from a series of posts in the group:

Digital Banking
