Question

The text makes the following statement: however, an implicit assumption is that users {of financial statements} need reasonable knowledge of business and financial accounting matters to understand the information contained in financial statements."

How accurate is this assumption given the increase in mobile banking tools that allow stock other security exchanges by almost any one. Is it the responsibility of the accounting profession to accommodate the new users? What allocation of responsibility is given to the mobile banking tool? How about to the user?

Answer 1

Mobile banking is a service provided by a bank or other financial institution that allows its customers to conduct financial transactions remotely using a mobile device such as a smartphone or tablet. Unlike the related internet banking it uses software, usually called an app, provided by the financial institution for the purpose. Mobile banking is usually available on a 24-hour basis. Some financial institutions have restrictions on which accounts may be accessed through mobile banking, as well as a limit on the amount that can be transacted. Mobile banking is dependent on the availability of an internet or data connection to the mobile device.

Transactions through mobile banking depend on the features of the mobile banking app provided and typically includes obtaining account balances and lists of latest transactions, electronic bill payments, remote check deposits, P2P payments, and funds transfers between a customer's or another's accounts.^[1] Some apps also enable copies of statements to be downloaded and sometimes printed at the customer's premises. Using a mobile banking app increases ease of use, speed, flexibility and also improves security because it integrates with the user built-in mobile device security mechanisms.^[

From the bank's point of view, mobile banking reduces the cost of handling transactions by reducing the need for customers to visit a bank branch for non-cash withdrawal and deposit transactions. Mobile banking does not handle transactions involving cash, and a customer needs to visit an ATM or bank branch for cash withdrawals or deposits. Many apps now have a remote deposit option; using the device's camera to digitally transmit cheques to their financial institution.

Mobile banking differs from mobile payments, which involves the use of a mobile device to pay for goods or services either at the point of sale or remotely,^[2] analogously to the use of a debit or credit card to effect an EFTPOS payment.

Mobile banking services

Typical mobile banking services may include:

Account information

1. Mini-statements and checking of account history
2. Alerts on account activity or passing of set thresholds
3. Monitoring of term deposits
4. Access to loan statements
5. Access to card statements
6. Mutual funds / equity statements
7. Insurance policy management

Transaction

1. Funds transfers between the customer's linked accounts
2. Paying third parties, including bill payments and third party fund transfers(see, e.g., FAST)
3. Check Remote Deposit

Investments

1. Portfolio management services
2. Real-time stock

Support

1. Status of requests for credit, including mortgage approval, and insurance coverage
2. Check (cheque) book and card requests
3. Exchange of data messages and email, including complaint submission and tracking
4. ATM Location

Content services

1. General information such as finance related news
2. Loyalty-related offers

A report by the US Federal Reserve (March 2012) found that 21 percent of mobile phone owners had used mobile banking in the past 12 months.^[7] Based on a survey conducted by Forrester, mobile banking will be attractive mainly to the younger, more "tech-savvy" customer segment. A third of mobile phone users say that they may consider performing some kind of financial transaction through their mobile phone. But most of the users are interested in performing basic transactions such as querying for account balance and making bill.

Challenge my mobile Number

Key challenges in developing a sophisticated mobile banking application are :

Handset accessibility

There are a large number of different mobile phone devices and it is a big challenge for banks to offer a mobile banking solution on any type of device. Some of these devices support Java ME and others support SIM Application Toolkit, a WAP browser, or only SMS.

Initial interoperability issues however have been localized, with countries like India using portals like "R-World" to enable the limitations of low end java based phones, while focus on areas such as South Africa have defaulted to the USSD as a basis of communication achievable with any phone.

The desire for interoperability is largely dependent on the banks themselves, where installed applications(Java based or native) provide better security, are easier to use and allow development of more complex capabilities similar to those of internet banking while SMS can provide the basics but becomes difficult to operate with more complex transactions.

There is a myth that there is a challenge of interoperability between mobile banking applications due to perceived lack of common technology standards for mobile banking. In practice it is too early in the service lifecycle for interoperability to be addressed within an individual country, as very few countries have more than one mobile banking service provider. In practice, banking interfaces are well defined and money movements between banks follow the IS0-8583 standard. As mobile banking matures, money movements between service providers will naturally adopt the same standards as in the banking world.

In January 2009, Mobile Marketing Association (MMA) Banking Sub-Committee, chaired by CellTrust and VeriSign Inc., published the Mobile Banking Overview for financial institutions in which it discussed the advantages and disadvantages of Mobile Channel Platforms such as Short Message Services (SMS), Mobile Web, Mobile Client Applications, SMS with Mobile Web and Secure SMS.

Security

Mobile banking is more secure than internet banking. Mobile banking can be conducted only from one specific device (smartphone or tablet) which has a SIM card, the phone number of which is already registered with the bank account unlike internet banking which can be conducted using any number of devices connected to the internet such as smartphone, tablet, laptop, desktop computer. In case of internet banking, a hacker needs to steal the credentials (username and password) which is possible by remotely installing a keystroke logging software in the victim's device, where as in case of mobile banking, either the fraudster needs to steal the mobile device which has a SIM card, the phone number of which is already registered with the bank account or steal the phone number using SIM card swapping. If the victim's mobile device is stolen then he would realise it or if his phone number is stolen using SIM card swapping then he would not get any signal on his mobile device and he would realise that something is wrong. But if a victim's internet banking credentials (username and password) are stolen then by the time he would realise it, the hacker would have already hacked into his bank account.

Banks could make mobile banking even more secure if they can make use of the fingerprint scanner on smartphones along with a alphanumeric password to verify the identity of a customer. Thus by incorporating multi-factor authentication, (A) the mobile device (what I have), (B) fingerprint scan (who I am) and (C) alphanumeric password (what I know), banks could make mobile banking even more secure.

As with most internet-connected devices, as well as mobile-telephony devices, cybercrime rates are escalating year-on-year. The types of cybercrimes which may affect mobile-banking might range from unauthorized use while the owner is using the mobile banking, to remote-hacking, or even jamming or interference via the internet or telephone network data streams. This is demonstrated by the malware called SMSZombie.A, which infected Chinese Android devices. It was embedded in wallpaper apps and installed itself so it can exploit the weaknesses of China Mobile SMS Payment system, stealing banks credit card numbers and information linked to financial transactions. One of the most advanced malwares discovered recently was the Trojan called Bankbot. It went past Google's protections in its Android app marketplace and targeted Wells Fargo, Chase, and Citibank customers on Android devices worldwide before its removal by Google in September 2017.^[10] This malicious app was activated when users opened a banking app, overlaying it so it can steal banking credentials.

In the banking world, currency rates may change by the millisecond.

Security of financial transactions, being executed from some remote location and transmission of financial information over the air, are the most complicated challenges that need to be addressed jointly by mobile application developers, wireless network service providers and the banks' IT departments.

The following aspects need to be addressed to offer a secure infrastructure for financial transaction over wireless network:

1. Physical part of the hand-held device. If the bank is offering smart-card based security, the physical security of the device is more important.
2. Security of any thick-client application running on the device. In case the device is stolen, the hacker should require at least an ID/Password to access the application.
3. Authentication of the device with service provider before initiating a transaction. This would ensure that unauthorized devices are not connected to perform financial transactions.
4. User ID / Password authentication of bank's customer.
5. Encryption of the data being transmitted over the air.
6. Encryption of the data that will be stored in device for later / off-line analysis by the customer.

One-time password (OTPs) are the latest tool used by financial and banking service providers in the fight against cyber fraud.^[Instead of relying on traditional memorized passwords, OTPs are requested by consumers each time they want to perform transactions using the online or mobile banking interface. When the request is received the password is sent to the consumer's phone via SMS. The password is expired once it has been used or once its scheduled life-cycle has expired.

Because of the concerns made explicit above, it is extremely important that SMS gateway providers can provide a decent quality of service for banks and financial institutions in regards to SMS services. Therefore, the provision of service level agreements (SLAs) is a requirement for this industry; it is necessary to give the bank customer delivery guarantees of all messages, as well as measurements on the speed of delivery, throughput, etc. SLAs give the service parameters in which a messaging solution is guaranteed to perform.

Scalability and reliability

Another challenge for the CIOs and CTOs of the banks is to scale-up the mobile banking infrastructure to handle exponential growth of the customer base. With mobile banking, the customer may be sitting in any part of the world (true anytime, anywhere banking) and hence banks need to ensure that the systems are up and running in a true 24 × 7 fashion. As customers will find mobile banking more and more useful, their expectations from the solution will increase. Banks unable to meet the performance and reliability expectations may lose customer confidence. There are systems such as Mobile Transaction Platform which allow quick and secure mobile enabling of various banking services. Recently in India there has been a phenomenal growth in the use of Mobile Banking applications, with leading banks adopting Mobile Transaction Platform and the Central Bank publishing guidelines for mobile banking operations.

Application distribution

Due to the nature of the connectivity between bank and its customers, it would be impractical to expect customers to regularly visit banks or connect to a web site for regular upgrade of their mobile banking application. It will be expected that the mobile application itself check the upgrades and updates and download necessary patches (so called "Over The Air" updates). However, there could be many issues to implement this approach such as upgrade / synchronization of other dependent components.

Studies have shown that a huge concerning factor of having mobile banking more widely used, is a banking customer's unwillingness to adapt. Many consumers, whether they are misinformed or not, do not want to begin using mobile banking for several reasons. These can include the learning curve associated with new technology, having fears about possible security compromises, just simply not wanting to start using technology, etc.

Personalization

It would be expected from the mobile application to support personalization such as:

1. Preferred Language
2. Date / Time format
3. Amount format
4. Default transactions
5. Standard Beneficiary list
6. Alerts