Feeds

Finance watchdog: Big fingers + tiny mobe screen + banking = doesn't end well

I meant to send £100 to 'The Dev', not £1,000 to Silent Kev

Application security programs and practises

Companies providing mobile banking services must consider how to overcome limitations in mobile device screen sizes in order to help consumers avoid making erroneous payments, the Financial Conduct Authority (FCA) has said.

In an interim report (12-page/724KB PDF) it published as part of its ongoing review into mobile banking, the FCA flagged up a number of risks associated with carrying out banking and payment activity on mobile phones and called on companies involved in providing such services to help tackle and resolve those risks.

One of the issues raised by the regulator was in relation to challenges presented by small screens and keypads on mobile devices.

"While many of these services are relatively new, there is a greater chance that consumers may encounter difficulties using mobile banking, compared with more traditional services," the FCA said. "This could result in consumers making errors, such as paying the wrong recipient or entering an incorrect amount."

"Mobile phones, with their smaller screens and limited keypad, may make these errors more likely, therefore it is important for us to understand how firms are mitigating this risk. We also want to understand whether firms have appropriate processes in place to resolve mistakes if they do occur," it added.

The FCA also raised concerns about the potential for fraud, the risk to data security and the potential for service disruption around mobile banking services.

In addition, it warned that companies face challenges when using third-party providers to deliver mobile banking services and said that companies also need to take steps to meet anti-money laundering rules after identifying potential problems in the verification of payments made via mobiles.

"For firms to comply with their legal and regulatory requirements they must have systems and controls in place to identify, assess and mitigate the risk of financial crime," the FCA said.

"Mobile banking and payments are new services for firms and consumers to access and transfer funds. Therefore we need to ensure that firms have proportionate and risk-sensitive systems and controls in place.

"From our research, we believe this is especially relevant for mobile banking services that are not linked to the customer’s current account. We will consider the extent to which firms should carry out additional checks to verify the identity of the payee and recipient. Mobile banking may also make it challenging for firms to identify and report suspicious transactions," it said.

"We have seen firms take measures to prevent the risk of money laundering through mobile banking and we know that having robust systems and controls can be an effective mitigant against such risks. It is important that these risks are adequately mitigated, especially where firms are moving into more advanced forms of mobile banking, such as facilitating overseas payments," the regulator added.

Banking law expert Tony Anderson of Pinsent Masons, the law firm behind Out-Law.com, said that advancements in technology present a regulatory challenge to banks. He predicted that new product designers will work more closely with in-house compliance and legal teams at banks when developing new mobile banking and payment services now that the FCA is taking a greater interest in the area.

"Changing technology presents both opportunities and threats to banks," Anderson said. "Mobile banking is a feature increasingly demanded by consumers that want the ability to transact on-the-go at a time of their own convenience and banks that get their mobile banking services right, through apps and other software, stand to gain a competitive advantage."

Anderson added: "At the same time, banks need to be sure that they meet all their regulatory obligations when providing services via this evolving technological landscape. How can they be sure, for example, that they can comply with rules around data security when new devices are launched to the market or when users change between handsets?

"The FCA’s review will prompt banks to assess their arrangements with third parties. They will want to ensure that their arrangements with both device and product providers address issues such as the liability for outages and other technological glitches that impact on mobile banking consumers."

The regulator said that it will now analyse how a sample number of mobile banking service providers meet the challenges it has identified in order to establish whether they are "meeting our expectations and treating their customers fairly".

As part of this testing, the FCA said it would evaluate the strategies companies have in place for mobile banking, including in relation to their decision making and product governance. It also plans to look at the way the providers design mobile banking products to see how they address risks that arise, as well as assess how the companies deal with complaints from mobile banking customers.

The FCA will also test whether the information companies are displaying to mobile banking customers is "clear, fair and not misleading, and whether the content is appropriately aimed at the target audience".

The regulator is due to publish a final report from its review before the summer next year.

Copyright © 2013, Out-Law.com

Out-Law.com is part of international law firm Pinsent Masons.

The Power of One Infographic

Whitepapers

Implementing global e-invoicing with guaranteed legal certainty
Explaining the role local tax compliance plays in successful supply chain management and e-business and how leading global brands are addressing this.
Consolidation: The Foundation for IT Business Transformation
In this whitepaper learn how effective consolidation of IT and business resources can enable multiple, meaningful business benefits.
Application security programs and practises
Follow a few strategies and your organization can gain the full benefits of open source and the cloud without compromising the security of your applications.
How modern custom applications can spur business growth
Learn how to create, deploy and manage custom applications without consuming or expanding the need for scarce, expensive IT resources.
Securing Web Applications Made Simple and Scalable
Learn how automated security testing can provide a simple and scalable way to protect your web applications.