The timeline of online banking in the United Kingdom began in June of 1997, when Royal Bank of Scotland became the first bank to introduce this service to its customers. Now more than ever, online banking is considered to be one of the most essential services to individual customers across the country. This is confirmed by statistics showing that 73% of bank users used online banking in 2019. Given this high proportion and the increasing necessity of the internet in our daily lives, it is a service that demands discussion.
When introduced, it allowed customers to access their accounts, change details, and make payments. This new approach to delivering these services gained popularity quickly. However, it also prompted cybercriminals and fraudsters to initiate many different schemes designed to fraudulently access other people’s accounts. The most common form of online-banking-related cybercrime is phishing. Usually, cybercriminals contact people with a fraudulent email that seeks to gain information about the victim in order to illicitly access information and/or funds.
The increase of banking-related crime is directly proportional to the increase in the use of financial technology in banks and other financial institutions. For example, the introduction of contactless cards required a maximum figure to be placed on the amount that can be charged from the card when the contactless service is used. This is to limit the possible damage that can take place from illicit payment fraud that annually costs both customers and banks a great deal of money.
Although banks have attempted to be vigilant in battling cybercrime, the value of online banking fraud losses in the United Kingdom between 2010 and 2019 still amounted to over £900 million.
The introduction of online banking was a paramount achievement in the industry of Financial Technology, or what is often referred to as FinTech. Firms that use technology to upgrade and deliver financial services such as banking lie in the realm of FinTech.
A notable example of the new services offered by businesses in the field of financial technology is app-only banking or mobile banking. This service is self-explanatory: financial institutions are now offering their customers banking services strictly using mobile applications. This has made physical bank branches redundant. Mobile banking app users will not have to visit a branch and fill out paperwork to open an account, instead using their mobile phone to provide the aforementioned institutions with their details and proof of identification.
App-only banks like Monzo, Revolut, and Starling Bank are all established financial institutions that offer these services in the UK. The Financial Conduct Authority (FCA) has authorised Revolut to operate in the United Kingdom; however, it does not have a banking license. On the other hand, both Monzo and Starling Bank are regulated and authorised by both the Prudential Regulation Authority (PRA) and the FCA. This places all three banks under the same level of scrutiny as any other financial institution or bank in the United Kingdom. This also means that the aforementioned institutions that operate with a banking license are protected by the Financial Services Compensation Scheme (FSCS), which was established in 2001 and is fully funded by the operating financial institutions in the United Kingdom.
For example, if an individual named Greg were to experience any fraudulent activity in his bank account resulting in the loss of his funds, and the bank were not able to pay compensation due to its collapse, Greg would be protected by the Financial Services Compensation Scheme. However, the maximum amount that the FSCS will be able to recover is £85,000.
Evidence presents a degree of uncertainty that lies within most financial institutions regarding cybercrime, fraudulent activities, and any other related issues that may arise. The FSCS reported in its 2018/19 annual report that a total of £473 million was recovered for 425,760 customers of failed firms. The following year’s report, for 2019/20, showed a drastic decrease in the amount of money recovered for customers of failed firms: the FSCS recovered £50 million for 258,119 people. Although the amount of money recovered in 2019/20 is only around an eighth of the money recovered in the previous year, the number of people impacted by failed firms was only a half less than in the previous year. This shows that even if less money is stolen than in previous years, it can still impact a large number of people.
How does this correlate with mobile banking?
Since some mobile banking firms are now considered licensed banks, this places them under the same category as any traditional financial institution. Examples of traditional banks are Barclays, HSBC, Lloyds Banking Group, and Royal Bank of Scotland. According to Reuters, these four institutions have the largest market share in terms of their total lending. However, this does not mean that they are the most innovative with regard to security features. With mobile banking on the rise, there is a different precedent that has to be set by app-only banks for their service to be considered reliable and safe.
How safe is it?
Firms like Monzo have provided over 4 million customers with a service that is host to new security features that are necessary for an app-only bank. These features include 24/7 emergency human contact through the application, a PIN payment system that also allows biometric verification, as well as a tailored 3D Secure system that has been developed by Monzo.
3D Secure was initially created by Visa to place an additional layer of security on credit/debit card transactions. This technology uses an XML Protocol (XMLP) based code to deliver its purpose. XML is a markup language that allows communication between hardware and software with minimal human intervention. If a Monzo customer decides to make a purchase using their account, the 3D Secure system will require them to log into their Monzo account (using their unique passcode or biometric recognition) on their handheld device. Afterwards, there is a process of verification that Monzo has politely declined to comment on for security purposes. This shift away from the more common One-time Password (OTP) verification method can be explained by the OTP’s vulnerability: cybercriminals can intercept OTP messages by cloning a customer’s SIM card and then use the passwords obtained to make purchases. This kind of fraud is called a ‘SIM swap attack’ or ‘simjacking’. If customers are not using two-factor authentication systems like the OTP, they would not be prone to an attack like simjacking. This is what financial technology like 3D Secure has allowed: mobile-only banks can add sufficient layers of security to provide their customers with financial services without the requirement of physical branches.
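As an added illustration (not part of the original article, and not Monzo's actual verification process, which the bank has not disclosed), the sketch below contrasts an SMS OTP with an in-app approval. The `Issuer` class, the customer and merchant names, and the HMAC-based device key are all assumptions made for the example.

```python
import hashlib
import hmac
import secrets

class Issuer:
    """Constructed card issuer with two ways to approve a payment."""
    def __init__(self):
        self.device_keys = {}  # customer -> key held by the enrolled app
        self.pending = {}      # challenge id -> (customer, txn bytes, otp)

    def enroll_device(self, customer):
        key = secrets.token_bytes(32)
        self.device_keys[customer] = key
        return key  # assumption: kept only in the phone's secure storage

    def start_payment(self, customer, merchant, amount_pence):
        cid = secrets.token_hex(8)
        txn = f"{cid}|{merchant}|{amount_pence}".encode()
        otp = f"{secrets.randbelow(10**6):06d}"  # sent by SMS to the number
        self.pending[cid] = (customer, txn, otp)
        return cid, txn, otp

    def approve_with_otp(self, cid, code):
        # The code is a bearer secret: whoever receives the SMS can use it.
        entry = self.pending.pop(cid, None)
        return entry is not None and hmac.compare_digest(code, entry[2])

    def approve_in_app(self, cid, tag):
        # The tag must come from the enrolled device key and covers the
        # merchant and amount, so it cannot be reused for another payment.
        entry = self.pending.pop(cid, None)
        if entry is None:
            return False
        customer, txn, _ = entry
        return hmac.compare_digest(tag, app_sign(self.device_keys[customer], txn))

def app_sign(device_key, txn):
    return hmac.new(device_key, txn, hashlib.sha256).digest()

def compare_channels():
    bank = Issuer()
    key = bank.enroll_device("greg")
    cid, _, otp = bank.start_payment("greg", "shop.example", 4999)
    sms = bank.approve_with_otp(cid, otp)  # SMS went to a swapped SIM
    cid, txn, _ = bank.start_payment("greg", "shop.example", 4999)
    no_key = bank.approve_in_app(cid, app_sign(secrets.token_bytes(32), txn))
    cid, txn, _ = bank.start_payment("greg", "shop.example", 4999)
    return sms, no_key, bank.approve_in_app(cid, app_sign(key, txn))
```

`compare_channels()` returns the outcome of the OTP approval, the in-app approval attempted without the enrolled device key, and the in-app approval from the enrolled device, in that order.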
In an effort to make an appraisal, I submitted a question to the Monzo 24/7 human chat. This was the same query I had with regard to writing this section of the article.
This was the response to my question:
Considering that I have already explained what the difference is, I did not ask any more questions. Nevertheless, this is an excellent portrayal of the momentum of FinTech. It also proves that digitization and the use of mobile phone applications are surely the next step in providing services across all industries and institutions.