Mobile Business Banking Apps Require More Security

Mobile Banking Apps Require More Security

YOUNGSTOWN, Ohio – The director of treasury management at First National Bank in Hermitage, Mark Sullivan, has seen a dramatic shift in business banking customers’ use of electronic systems to remit and accept payments. And while checks are not obsolete, their use is waning. “The movement is strongly in favor of that,” Sullivan says.

“Of the total amount of payments made in the U.S., a higher proportion are now credit/debit card-based or electronic and a small portion are checks,” he continues. “But I wouldn’t look for the elimination of checks anytime soon.”

As customers manage more of their finances online, banks are developing more robust mobile business banking applications so customers can conduct similar transactions on their smartphones. This benefits businessmen who aren’t always sitting at a desk, Sullivan says, but it also necessitates constant vigilance regarding security.

First National Bank of Pennsylvania launched its mobile banking app for commercial banking customers in 2016.

“People are out of the office more and on-site with customers,” Sullivan says. “So they can’t lug around a laptop anymore.”

About 60% to 70% of the bank’s business customers have either implemented mobile banking innovations in technology or are doing so, he adds.

But not every business can. The 30% of the businesses who have not made the transition, Sullivan estimates, either lack the financial or personal resources or have customers who aren’t interested in digital transactions. “Something that has worked well in the past retains a certain support within an organization,” he says.

Still, consumer demand is a big driver for adopting new technology, Sullivan notes.

While he recognizes that there are always early adopters of cutting-edge technology, the businesses who serve consumers “get pulled along faster because their customers are demanding these things,” he says.

Sullivan doesn’t expect the banking industry will mandate a complete switch to digital processes, but says market forces will continue to “drive that evolution.”

Despite this shift toward computer technology, the need for the bricks-and-mortar office has not gone away. In fact, increased automation has helped branch employees offer better customer service, says the regional president of Chemical Bank of the Mahoning Valley, Michael Schrock.

Where customers once processed a stack of deposits at the teller window, remote deposit has become the preferred method.

“Instead of sitting at a keyboard and putting in checks at the window, it gives [bank employees] more ability to counsel the customers and spend more of that time providing quality customer service,” Schrock says.

About 15 to 20 years ago, customers were limited to visiting a branch between 9 a.m. and 4 or 5 p.m., depending on when the bank closed, Schrock says. Convenience, access and a 24/7 ability to make transactions “have really transformed the business banking world” by giving customers access to their funds to whatever they need, whenever they want, he says.

“And they continually want that,” Schrock says. “Once you get that, then it’s about ease of use. Point, click, done.”

Getting to that point requires constant upgrades to the bank’s systems, he says.

This year, Chemical Bank is updating its core processing system to enhance its capacity for both business and personal banking services.

The bank will also roll out a fleet of what Schrock calls “smart ATMs” through 2018 and 2019, which allow for automatic deposits. In other markets, smart ATMs interact with bank-specific apps on customers’ smartphones.

“I don’t know where they’re going to be located in the beginning, but I know that will be happening,” the regional president of Chemical says.

Employee training is expected to translate into better customer service.

Chemical Bank’s branch managers are trained on new products or services, “even on a new twist on a product or service,” says Daniel Segool, assistant vice president and business banking community lender at the Canfield branch.

Segool and his team are extensively trained on all products and services, and Chemical’s information technology department issues a monthly newsletter that alerts readers to all cybersecurity issues the industry faces.

“We rely on our security firm and we listen to what might happen with customers … so we can communicate it to our teams,” Segool says.

With customers becoming more reliant on internet- and mobile-based apps, security is the foremost concern as banks develop more innovative products.

Segool recently spoke with the manager of a prospective business customer who told him that his employees arrived on a Monday morning and found every computer in the building locked out, held for ransom by a hacker in Peru.

The company contacted the FBI, which told them not to pay the ransom. Fortunately, the company’s IT team alleviated the threat.

Ransomware – a malicious software virus that locks a target’s system until a ransom is paid – is usually distributed as an attachment on spam email. Last year IBM reported that ransomware attacks quadrupled in 2016 to 4,000 daily on average, with more than $209 million in ransom paid in the first quarter alone.

“We’re starting to see that more and more,” Segool says. “Then you have all the phishing scams that are out there and we’re always having to warn clients.”

Chemical Bank repeatedly warns its clients not to click on links to “necessary updates” in emails claiming to be from the bank, internet service providers or even the Internal Revenue Service, Segool says.

“That’s not how we operate,” he says of sending emails regarding updates. “You have to be wrong only once.”

Phishing has led to rampant wire fraud “across all industries,” says Brian Jackson, senior vice president and chief information officer at Farmers National Bank, Canfield.

Perpetrators hack customer accounts and send fraudulent emails requesting a wire transfer – a tactic referred to the FBI as “business email compromise.”

In a report released last May, the bureau found that reported cases of business email compromise rose to 40,203 in December 2016, up from 22,143 since May of that year, with fraudsters attempting to steal some $5.3 billion.

“If you don’t have strong internal procedures, you can become susceptible to wire fraud,” Jackson says. “We’re always looking for ways to mitigate those risks for our customers.”

Businesses used to initiate wire transfers with a phone call, he says, but customers demanded faster transfers outside of traditional business hours, prompting banks to roll out more automated online-based services.

Innovations are thoroughly tested and evaluated before they are launched, Jackson says. Banks also employ more security measures to protect their customers – measures that are a mix of modern technology and traditional methods.

“Customers must have a security code to initiate the wire transfer online,” he says. “We’re going to validate that transaction again by calling the customer back so we know that transaction is coming from that person.”

Customers can download Trusteer Rapport software from the Farmers Bank website, which protects the workstation browser against all financial malware. The software works alongside existing antivirus software, which “detects only about 25% of the most popular malware,” according to the Trusteer website.

Real-time transactions are one of the biggest internet-based innovations in business banking, Jackson says.

Last year, Farmers launched its Business Mobile Banking app for Apple and Android operating systems. In addition to benefits such as mobile deposit, monitoring and transfering account balances, the business banking app allows for large-dollar transactions.

Customers can manage and receive alerts and approvals for wire transfers, automated clearing house payments (ACH) and Check Positive Pay services.

Check Positive Pay automatically verifies the authenticity of submitted checks before they’re paid and stops altered or counterfeit checks from clearing the account, he says. ACH Positive Pay establishes approved sources for ACH checking account debits and returns any unauthorized debits.

Farmers works closely with customers to ensure only approved employees can access the app. Jackson emphasizes the need for “unique, authentic and complex” passwords for all of its platforms – at least eight characters, including a combination of upper and lowercase letters, numerals and some special characters.

Real-time transactions play a role in payroll, says Chemical’s Segool. Chemical Bank’s pay card program lets employers deposit an employee’s paycheck to a special account if that employee doesn’t have a checking account.

“If those employees are remote, sending them a paycheck isn’t always especially efficient,” he says.

Even with the innovations, “banking is still a relationship business,” he says.

Banks still need to make the effort to know who their customers are and what they do so they can better answer questions or recommend appropriate technology, he says. This is especially true of smaller businesses that might not have a chief financial officer on staff.

“In the business-banking segment, it is often the owner of the business who’s wearing all the hats,” Segool says. “So that’s where we really feel it’s our obligation to kind of be that CFO for the business and help show them how we can save them some time and save some steps in the process.”

Pictured: Daniel Segool, assistant vice president business banking community lender of Chemical Bank in Canfield and Michael Schrock, regional president in the Mahoning Valley.

Copyright 2024 The Business Journal, Youngstown, Ohio.