Super apps require super security measures
The concentration of financial services within a few critical apps is a cybercriminal’s dream, writes Natalia Karbowska-Niedbala, Cyber Security Product Manager at Comarch.
Super apps sound great for customers, and even greater for cybercriminals. Nowadays, digital banks and fintechs are heading towards a one-stop-shop approach.
Making every financial service available under one umbrella, while being very convenient for the end-user, also makes the perfect target for malicious actors.
Once you set foot in such an open ecosystem, it gives access to a vast amount of customer data and assets like money, loyalty points, and chats with acquaintances. It is now time to consider additional safety measures to keep all this data secure.
Why so super?
We are more than used to having an app for everything. Think of any activity, and you will find an app in Apple or Google store that can facilitate it. But, having separate apps for banking, shopping, digital payments, communication, food delivery, etc. is becoming a thing of the past. We can now observe a booming trend for super apps, predicted by Forrester to double in 2022.
What is a super app? It can be a marketplace of services or simply an all-in-one experience. It’s about combining multiple services and making them accessible in a single application. This trend has already gained significant popularity in Asia—see China’s WeChat or Singapore’s Grab.
But Europe, despite its strict privacy regulations, is catching up. Google and Facebook are strong contenders here, offering food delivery, hotel and flight booking, messaging, payments, and more within their solutions. Let’s not forget about Revolut or PayPal whose offers are expanding as well.
Banking and beyond
The financial sector is not immune to the trend. The new idea of banking assumes partnerships with other businesses to provide customers with a smooth end-to-end journey, while taking advantage of shared data mashups. Since the open banking concept is unavoidable, the competition to create mobile apps that satisfy various financial needs is becoming fierce.
Therefore, financial institutions must choose their path—to operate in the background, as financial service providers to third party super app owners or to create their own financial service marketplaces. To stay on top of the game and retain their customer relations, financial institutions, fintechs and neobanks will have to increase the portfolio of services available in their digital channels.
A new dimension for cybercriminals
When thinking about fintechs and all the fast-growing neo banks, we often think about big, innovative concepts based on a lightweight user-friendly approach. But what seems light and fresh from the end-user perspective, thanks to exceptional UX and well-designed customer journeys, can in fact be a spiderweb of highly complex elements working together in the background.
Open banking ecosystems and super apps aim to make customer journeys frictionless. Still, banks and fintechs have the huge responsibility to make this journey safe. Clients trust financial institutions with their money and they also trust that their personal data is safe and that all the services available under the bank’s super app umbrella are secure. Therefore, it becomes extremely important not to trade security for user experience.
Lock your digital front door well
To protect their digital front door, fintechs and digital banks must turn toward solutions that provide an exceptional level of security. Where end-user application security is concerned, two-factor authentication is a well-known approach. But, though secure, it is not always the best option—it can add a burden to the well-thought-out customer journeys and significantly harm the conversion rate.
This Aite study clearly shows that additional authentication steps can reduce online sales. According to 31 per cent of the respondents extra authentication steps can reduce sales by more than 10 per cent. That is why it’s important to apply security solutions that are unnoticeable but tirelessly operating in the background.
With super apps becoming such enticing targets for hackers, it’s more important than ever to check if customers are who they claim to be and if their devices and application environment are secure. Luckily, all those checks can happen quietly in the background, without your customer even knowing that he or she is wrapped with a soft blanket of this additional layer of extra protection.
It’s no longer a matter of choice to build their trustworthy position, financial institutions, neobanks, and fintechs must invest in solutions that can immediately detect whether a given users’ interaction with the app is deviating from the standard. All this without end users being bothered—they can enjoy their super app experience while being protected from cyber fraud.