Introduction – Data Security System
Mobile adoption is becoming increasingly imperative across sectors because of the significant role it plays in interfacing organizations with their customers. The financial sector is one of the industries where mobile applications have made inroads. However, the inherent risks posed by these platforms cannot be underestimated. Most organizations give both employees and customers access to internal systems through mobile platforms, and for that reason each application comes with predefined security mechanisms that deter illegal usage (Fried, 2014).
Proposed System – Mobile App Design
The proposed application is a mobile app designed for a micro-finance institution. The primary purpose of the application is to provide an interface between the financial entity and its customers. Through the application, clients can transfer funds to other bank accounts, request cheque books, buy airtime, check account balances or request their financial statements. The application can also be used as a teller machine, whereby the account holder visits an agent before withdrawing or depositing cash the traditional way, as in a banking hall.
The success of such an application is evaluated using different metrics such as reliability, ease of use, and security. However, it is the level of security that defines the robustness of such financial applications. The financial industry is one of the sectors most widely affected by rampant security breaches. With surging mobile application usage, there has been a corresponding rise in the number of cyber crimes targeted at customers of financial institutions, and statistics indicate that more than 12 percent of the 350,000 mobile app variants contain some form of malware or suspicious code.
One of the most practical approaches to enhancing an app’s security is to secure the services to which the app connects. Often, service providers and system developers fail to provide such security mechanisms. Besides, most apps are developed using poor programming practices, which exposes the app’s anatomy so that “black hat” techniques can be used to exploit customers through several vulnerabilities.
Below we present the proposed security mechanism for a mobile financial application.
In the app to be developed, the security scheme comes with several layers of protection. As soon as information is entered into the app, it is verified by passing through a firewall. The verification technique is designed to prevent session hijacking and cookie replay attacks, and also to keep sensitive personal information from being exposed. For instance, if a user enters the login credentials, only the user name is visible; the password is concealed behind a series of asterisks (*****) to prevent accidental leaking of the information to unauthorized users (Mu & Varadharajan, 2015).
After the information is successfully entered, it is validated using different criteria, including whether the device now in use is the same device that was previously used to log in to the portal. Such information is cross-checked by analyzing the previous Internet Protocol (IP) address used and the trust certificates from the machine. If the information does not correspond, the system automatically asks the user to complete a series of security checks such as entering the social security number, date of birth, or even a random digit sent to the credit/debit card associated with the app’s account number.
After a user is verified, their activities are also analyzed. For instance, if a user logs in and goes directly to the withdrawal of funds, yet in most cases they spend time in the app paying bills and monitoring their spending, a red flag is issued. The system will also evaluate the person to whom the funds are being sent, and if the money seems destined overseas, the system automatically shuts down until one of the customer service representatives calls the customer on their official mobile number to verify the validity of the transaction.
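The login check and the activity check described in the two paragraphs above can be expressed as a small decision policy. This is an added example, not code from the proposed system; the Profile fields, action names, decision labels, home country and 10 percent threshold are all assumptions made for illustration.

```python
from collections import Counter
from dataclasses import dataclass

HOME_COUNTRY = "KE"   # assumption: constructed home country of the institution
RARE_SHARE = 0.10     # assumption: a first action seen in <10% of sessions is unusual

@dataclass
class Profile:
    """What the service remembers about one customer (hypothetical schema)."""
    cert_fingerprint: str   # trust certificate presented at the previous login
    last_ip: str            # IP address used at the previous login
    first_actions: list     # first action taken in each past session

def check_login(profile, cert_fingerprint, ip):
    """Compare device certificate and IP with the previous login.
    Any mismatch triggers the extra security checks (step-up)."""
    checks = (
        ("device_certificate", cert_fingerprint, profile.cert_fingerprint),
        ("ip_address", ip, profile.last_ip),
    )
    mismatches = [name for name, seen, known in checks if seen != known]
    return ("step_up" if mismatches else "allow"), mismatches

def check_transfer(profile, actions_this_session, dest_country):
    """Assess a withdrawal or transfer requested in a verified session.
    actions_this_session lists what the user did since login, in order."""
    if dest_country != HOME_COUNTRY:
        # Overseas destination: lock until a representative calls the customer.
        return "lock_pending_callback"
    if not actions_this_session:
        # Withdrawal is the very first action: compare with past sessions.
        history = Counter(profile.first_actions)
        share = history["withdraw"] / max(len(profile.first_actions), 1)
        if share < RARE_SHARE:
            return "red_flag"
    return "allow"

# Constructed sample: a customer who normally starts by paying bills.
SAMPLE = Profile(
    cert_fingerprint="ab:cd:ef (constructed)",
    last_ip="198.51.100.7",
    first_actions=["pay_bill"] * 8 + ["view_spending"] * 2,
)
```

On mobile networks the IP address changes often, so the IP comparison alone will trigger frequent step-ups; the certificate comparison is the steadier of the two signals.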
Besides, information such as the available account balances and the previous transaction statements shall be encrypted, so that if any user tries to view such information, they are asked a series of questions that they must answer correctly before being granted access to these particular sections of the portal.
Besides a proactive security design, security patches will be released periodically as vulnerabilities are identified in the industry. Customers will also be educated on how best to protect their devices, including installing anti-malware and anti-spyware systems, only downloading the app from credible sources, avoiding public internet hotspots, and using a combination of digits, characters, and letters to generate hard-to-crack passwords (Raggo, 2016).
Given the proliferation and diffusion of mobile devices, securing these gadgets is no longer the exception but the rule. Traditional theft by mugging has taken on a new dimension, and today’s crooks have become more digital. They no longer depend on conventional weapons to commit a crime; what they need is an armory of digital tools. With these tools, it is possible to withdraw a client’s money. Therefore, mobile app security is integral to the success of the banking system’s security protocol.