A professional view on ebanking authentication: Challenges and recommendations

In current e-banking systems, millions of consumers are now able to conduct financial transactions using a wide range of mobile devices; this growth exposes the system not only to the set of known threats that are now migrating from traditional PC-based e-banking to the mobile-based scenario, but, to emerging threats specifically targeting mobile devices. Considering the sensitive nature of the financial information managed, security in mobile devices has become a major issue. Thus, to be able to provide transaction security, and minimize the potential threats, e-banking systems must implement robust identification and authentication systems (eIDAS). Therefore, this paper analyzes current threats in e-banking. It presents a brief review on the current state of the art analyzing the most popular eIDAS implemented in Europe, through a survey launched by ENISA addressed to security professionals of the financial sector. The most common eIDAS approaches for e-banking, and their suitability against the known threats in terms of related incidents and financial loss, are therefore assessed. Finally, a set of challenges and recommendations to be considered in any eIDAS implementation is introduced.