MyPrivateBanking Blog
Daily Comments on the World of Wealth Management

Archive for January, 2014

The biggest security risks for mobile banking

Friday, January 31st, 2014

When in December 2012 an estimated 36 million Euros were stolen from over 30,000 mobile banking app users in Europe, the expected public outcry failed to appear. Although Trojans and other malware have been repeatedly used to hijack user accounts (migrating from PCs and laptops to new devices), those incidents still don’t spark many concerns about mobile security. As the volume and value of payments flowing through the mobile channel are on the rise, it is likely that hackers will target mobile channels in rapid succession, exploiting users’ outright dependency on handheld devices.


There’s no question that the innovation and the product and service development now taking place provide consumers with greater convenience and flexibility. We are used to connecting with friends on Facebook, entertaining ourselves with a quick game and carrying out our everyday banking tasks, using sensitive access data while on the go.

Ensuring that the consumer is appropriately protected in this changing environment is a challenging task for financial institutions and mobile operators. Alongside rapid mobile development, new avenues for fraud, security breaches and other acts of piracy are opening up. The following list illustrates the most common risks today:


Mobility and Convenience

One of the reasons that mobile banking is so popular is that it can be done ‘on the go’. The immediate access to all our bank information and services meets our need for convenience. This need leads users to save passwords and user names, which undermines their effectiveness, or even to omit additional tokens for processing payments. Entering another token might slow the user down, but it adds another layer of security. Losing a device with so little security entails great dangers.


Phishing scams aim to lure users into revealing their private information such as user names, passwords or credit card credentials. By imitating text messages or emails from the bank that contain links to spoofed websites or a request for account information, the scammer tricks the user into giving sensitive data directly to the thief.

Wi-Fi networks

Public connections are generally not very secure - most places that offer a public Wi-Fi hotspot warn users not to share sensitive information over the network. Many users might be tempted to check their balance while frequenting the coffee shop around the corner.

Several way authorization

While classic online banking uses an interplay of various channels (e.g. computer and mobile phone, computer and paper tokens such as transaction authentication numbers, computer and token generator), for mobile banking this is not the case. With a smartphone this protective duality disappears: both credentials (card number/user name and the token) are available on the phone. It is obvious that a stolen phone therefore offers more sensitive data, which can cause a financial loss.


The mobile channel offers a whole new wealth of possibilities for hackers. Trojans that record entire voice conversations, sending them back to command and control the phone, keylogger programs that record every single keystroke the user makes - those are just two examples of malware attacks that are on the rise.


It is therefore the new imperative for financial service providers and banks to shed their widespread ‘wait and see’ attitude and start implementing a comprehensive strategy that includes cross-channel monitoring, development of clear policies and monitoring of the market places where their apps have achieved mass penetration. The solution lies in being responsive to the rapid changes taking place in the mobile landscape - allowing defenses to respond in real time by using big data algorithms. However, the most important and most neglected part of any security strategy must be the education of the client. 99% of all security breaches in online banking are (ultimately) caused by human error and carelessness. So, it was shocking for us when we found in our mobile app benchmarking analyses - over and over again - a lack of security information and anti-fraud education within mobile apps, app store descriptions or on mobile portals which function to make apps more popular. Fixing this shortcoming is job number one.


Different shades of technology for mobile apps

Friday, January 24th, 2014

Working on our upcoming report on “Mobile Apps for Financial Advisors” I couldn’t help but notice the ongoing debate about which kind of app to use. At first glance it’s a quickly told story: you can either go mobile with a native, a web-based or a hybrid app.

Native apps are written for their specific platforms like iOS or Android and are easily found in each platform’s app store. Native apps do not depend on Internet connectivity, which is an important advantage for financial advisors - just think about visiting your client at home with your first question being: “What is your Wi-Fi password? My iPad is disconnected!” In addition, native apps allow for the use of elaborate graphics. One of the major drawbacks, however, is that their development is comparatively expensive and time-consuming.

With HTML5-based apps advisors can use their app on any device. Screen size and operating system do not matter. Also, app content can be found by search engines, which pleases the marketing manager. The problem with browser-based apps is, however, that the implementation may vary across browsers and platforms, native device features such as camera or geolocation cannot be used and, because an Internet connection is required, app performance might be slower and the app runs the risk of breakdowns. An even more important argument for financial advisors, however, is that unlike native apps, web-based apps lack secure offline storage.

For those who wish to use their device’s features but are looking for a cheaper alternative that works offline as well, there is a compromise: hybrid apps combine advantages of both native and HTML5, though problems might appear due to the fact that they use the browser natively installed on the device, which might lead to differences in the way the content is displayed.

Actually, among the mobile solutions we are examining for our upcoming report there is a colorful multitude of approaches. In the end the wealth manager is spoilt for choice when it comes to priorities: if you want marketing leverage, sophisticated design features and quick penetration of your target client segments you had probably better go for native apps. But if you prefer flexibility and lower development costs, a browser-based HTML5 solution can offer you more bang for the buck.


The Robo-Advisor Threat

Friday, January 17th, 2014

The relationship between clients and their financial advisors has undergone a fundamental change within the past few years. While in the past wealthy clients relied heavily on the recommendations of their financial advisors and private bankers, the situation nowadays looks fundamentally different. On the one hand there is the older, yet shrinking client segment that mainly still depends on what their financial advisor proposes while on the other hand a new generation arises, namely that of the young and tech-savvy.

Though (on average) not yet earning the really big money, the urge of moving independently and self-confidently on today’s markets encourages them to deal with do-it-yourself-investments. As this generation has grown up with the Internet and all its possibilities, they know where to find the information and support they need. Most recent developments offer them tools known as robo-advisors that promise to replace face-to-face meetings with costly advisors. These tools help them to build up and manage their portfolio, give recommendations about which assets to sell, buy or to hold, and support personal financial planning. Robo-advisors range from pure technology websites to established financial service companies which are enriching their services by offering online advisory. Probably the best known example in this new, fast-growing space is a start-up company called WealthFront, based in Silicon Valley, which has just surpassed USD 500m assets under management. This trend is also partly triggered by the rise of low-cost, indexed ETFs, on which this younger generation mainly focuses rather than on active investments.

In essence, robo-advisors claim to offer not only substantially lower fees but also (in the long run) higher performance as investment decisions are taken by sophisticated, self-learning algorithms rather than error-prone human beings or investment committees.

So far, robo-advisors have only a minuscule market share in the overall wealth management market. However, we believe that over the long run such platforms could play a much bigger role, threatening established wealth management firms and eroding fee levels. Every wealth advisor firm should very closely watch these new competitors and think about defensive measures.

In the longer term, it may even be a matter of life and death for established private banks and wealth managers to think about integrating the robo-advisor business model in their own offer for wealthy clients. The personal relationship with clients and their trust is today’s biggest asset of wealth management firms around the globe. But isn’t it true that these relationships and the hard-earned trust have recently been under attack – especially since the financial crisis started five years ago? It is not too far-fetched to assume that this erosion will accelerate over the coming years and robo-advisors will play the role of catalyst in this process.

Wealth managers and private banks need to re-invent themselves and think hard about how to integrate elements and ideas of the robo-advisory-model in their own business model. How exactly this might look is the billion dollar question.


What wealth managers can learn from BrewDog

Friday, January 10th, 2014

By Francis Groves, Senior Analyst

One of the success stories of 2013 was BrewDog, Scotland’s largest independent brewery, which managed to raise £4.25 million through its crowdfunding scheme ‘Equity for Punks’, ably supported by its own dedicated Twitter stream, #equityforpunks. It’s a heart-warming story and not just because of the beer! A business dedicated to craftsmanship in a small community in a picturesque and remote part of the British Isles makes good with the support of loyal supporters around the world.

However, it does highlight some problems for less colorful players in the financial world. BrewDog’s success in financial AND media terms doesn’t offer helpful lessons for wealth managers just because it’s all to do with popularity. And popularity can be ‘here today and gone tomorrow.’ Not that wealth managers have to be unpopular but, in social media terms, they should aim for stimulating and interesting. Wealth managers need to be involved with social media for the long haul in a way that matches their business. Because, in all sorts of ways - be it investment as deferred enjoyment, contrarian investing or a wealth management approach that has been refined over decades - wealth management is a longer term business.

And to make a long-term business interesting, it needs to show its customers (through social media) that it’s changing, developing and growing in a way that reflects its own DNA. To put it another way, wealth managers and private banks should be using social media to allow their clients and potential clients to really get to know them. As MyPrivateBanking have often said, this requires authenticity on the part of the wealth manager, but clients won’t get to know wealth managers through just a Twitter stream or even their Facebook Timeline. These should be used as pointers to the wealth manager’s expert blog, video commentary or website corporate social responsibility items.