Why Any New Financial “Super App” Needs Exceptional Security

Samuel Bakken, March 11, 2022

They haven’t yet gained traction in the U.S., but “super apps” like WeChat and Alipay are dominant in China and other Asian countries and are also popular in Latin America. Super apps are smartphone applications that combine many of the most popular apps a person might use – from social media to shopping, payments and financial services, to streaming media and entertainment – into one, all-encompassing app. It’s often described as a closed ecosystem of many apps, or a marketplace of several different mobile services all wrapped up into one popular app.  

Recently, forward-looking companies in the U.S. have started taking steps to build their own super apps, with the hopes of becoming the WeChat of the West. PayPal, Facebook, Walmart and many others have joined a race to create a financial super app that can serve as a one-stop-shop for all of a consumer’s financial needs, from banking and money transfers to P2P payments, financing, and insurance. And it’s not just tech leaders and retail giants making the push to develop the first financial super app in the U.S. Traditional banks are getting in the game. They recognize that in an age of increased competition, providing a more compelling mobile experience with more services under one app can help them achieve greater customer engagement and loyalty. 

However, super apps can also pose increased security risks. Mobile malware attacks are increasing, with 156,710 mobile banking trojans identified in 2020 alone, and many banks remain underprepared for the risks. To successfully bring the first financial super app to market in the U.S., banks will need to strengthen their mobile application security, incorporating new technologies and techniques to ensure security by design.

Why super apps?

Banking and financial services have become an increasingly competitive and crowded industry in recent years. Traditional banks face tough competition from a seemingly never-ending list of new FinTech startups and neo-bank alternatives, all of which have a reputation for providing a better mobile customer experience than their traditional counterparts. Banks have the benefit of being trusted by their customers, but to compete in the digital age, they must invest in new mobile technologies, increase their mobile offerings, and improve their mobile experience so they can attract and keep new customers. 

The typical person spends more than four hours per day engaging with apps on their smartphones, but the vast majority of that gets spent in just a small handful of the most popular apps. Banks recognize that if they can make their app the go-to hub for all of a person’s financial activities – not only basic banking services, but also mobile payments, P2P, digital wallets, financing, investments, and insurance  – they can capture more of that engagement, leading to increased adoption, stronger customer loyalty and brand growth. Although not in the U.S., recent attempts have been launched by European banks such as Belfius and KBC, the latter of which has expanded their banking app to include telecom services and ticketing for entertainment events.     

Super apps benefit consumers, as well, by delivering a better mobile experience with everything a person needs in one convenient place. I’m sure I’m not the only one who gets frustrated having to create separate authentication credentials for my many apps, or flipping through multiple screens on my smartphone to find the app I’m looking for. When all the most important financial functions are consolidated into one super app, consumers can enjoy using a single authentication credential, avoid installing separate apps for every service, and save both time and phone storage space.

A super-sized threat landscape

Despite the convenience and benefits of super apps for both financial institutions and their customers, they also bring new risks. As banks partner with third parties to add more services and offerings to their mobile apps, the attack surface grows, introducing potential vulnerabilities for cybercriminals. Additionally, in the rush to get new offerings and mobile features to market, developers sometimes let security fall by the wayside. Cybercriminals know this and will target their attacks to take full advantage. Therefore, as banks work to develop their super apps, they will need to ensure strong mobile application security is built-in from the beginning.

How to protect super apps from mobile threats

While banks have gained a trusted reputation for strong online security over the years, they have struggled with mobile application security. When it comes to web applications, only a small portion (the front-end code) gets exposed to users, so banks have much more control over the security of the application. With mobile apps, application code gets stored on the user’s device and a bank has no control over the security hygiene of that device. For example, it might be jailbroken, infected with mobile malware, or not keeping up with regular security updates.

For this reason, it’s imperative for banks to protect their apps on the client-side with modern technologies like mobile application shielding and runtime protection. Mobile application shielding effectively insulates a mobile app from threats, even if it’s operating on a jailbroken or infected phone – it strengthens an app’s resistance against intrusion, tampering and reverse engineering. When combined with biometric authentication and other technologies, banks can ensure that their financial super apps are secure against fraud and threats like man-in-the-middle attacks, while maintaining a smooth and frictionless customer experience. In addition to mobile application shielding, banks must also focus on natively integrating strong authentication into their apps. Tools such as digital identity verification, facial recognition, voice recognition, fingerprint readers and behavioral biometrics lets banks quickly authenticate users and securely onboard new customers.    

For banks to effectively compete against new market entrants and mobile-first innovators, they need to invest in expanding their mobile offerings to improve their mobile experience. They need to find the financial super app. By bringing all of a customer’s banking, financial and payment services under one umbrella, banks can position themselves as the go-to app. But to do this, they’ll need to design strong into the app from the start. With technologies like mobile application shielding, biometrics and more, innovative banks can develop the financial super app consumers want while protecting their sensitive financial data from mobile threats.

Mobile App Shielding
White Paper

Mobile App Shielding: How to Reduce Fraud, Save Money, and Protect Revenue

Discover how app shielding with runtime-protection is key to developing a secure, resilient mobile banking app.

Download Now

This blog, written by Sam Bakken, director of product marketing at OneSpan, was first published in SCMagazine on 11/25/2021

Sam is Director of Product Marketing responsible for the OneSpan mobile app security and identity verification portfolio and has nearly 10 years of experience in information security.