Smartphones and tablets have become the device of choice for customers to interact with businesses. Modern consumers have become used to seamless online shopping and banking on any device they choose and expect other businesses to follow suit. Apps are the most obvious tool to meet this need. But mobile devices present new security challenges. So how do you make sure your and your customers’ data stays safe?
Why is mobile security so important?
Consumers are becoming increasingly security-conscious when it comes to their online data. After all, they regularly hear about data breaches and security threats on the news. These threats to mobile security are constantly changing. Affected companies have seen share prices plummet and revenue fall due to hacking or data leaks. Because of this, customers have become quite discerning and expect the apps and mobile platforms they use to be fully secure. At the same time, they also expect the utmost convenience. If your app is not user-friendly, customers will refuse to use it and you may lose them altogether.
Security vs. user experience?
To provide a top-notch user experience, app developers need as much flexibility as they can get. Traditional security features tend to be rigid: banking-grade security processes used to produce more of an obstacle course than a smooth registration and login experience, featuring authorization tokens and various passwords and personal codes. But in the end, you are accountable for everything that happens to your customers’ personal data, so control and security are top concerns. Luckily, security and a smooth customer experience are not mutually exclusive nowadays: a good CIAM solution with native mobile security features can offer both.
Mobile devices present unique challenges…
- Devices and operating systems are constantly changing, and your security needs to keep up
- You cannot control the customer’s device, so any security features need to be built into your application
- Authentication can be tricky, since you are not sure who is using the device
- Mobile devices are more vulnerable to theft, which puts data stored on the device at risk
… and opportunities
- Due to their highly personal nature, mobile devices shorten the distance between you and the customer, strengthening customer engagement and loyalty
- Devices offer innovative authentication tools such as fingerprint or facial recognition
- Mobile devices can provide rich insights into user behavior, allowing you to monitor certain risk factors in real-time
How to protect your customers’ data
So how do you go about protecting your customers’ digital information? It all boils down to three steps: identification, authentication, and identity proofing.
Make sure the person who signs up to access your customer’s data is who he says he is. This means your registration process will need to include an identity verification feature. Depending on the level of assurance you need, this could be an existing external identity such as a Facebook account, but you could also choose to use industry identities such as the Dutch iDIN (banking) or even a government-linked identity.
The unique features offered by mobile devices are the perfect tool to help you make sure that the person logging in is the account’s rightful user. Once again, the severity of the tool you choose should depend on the level of sensitivity of the information the user wants to access: does a simple PIN code suffice, or do you need to go biometric with a fingerprint scan? User-friendliness plays into this choice as well, so try to keep in mind how a customer might feel about the level of security his data needs.
To double check the user’s identity after login, you can use a second authentication factor. Ideally this should be done through a different channel than the original login for independent verification of the person’s identity.
The Onegini solution
Onegini’s comprehensive CIAM platform Onegini Connect comes with a built-in Mobile Security Platform. This MSP will help you cover all your bases when it comes to mobile security. To do this, it is equipped with:
- Mobile authentication framework
- Messaging framework
- Device security
- App security
- Data security
- Mobile identity management
Find out if Onegini Connect is right for you; contact us today for a no-strings consultation.