Banking apps might get worse because of security concerns. How do you strike a balance?

Recent measures to enhance security have rendered mobile banking apps no longer convenient and accessible

Nearly two years ago, Profit did an extensive story on mobile banking applications in Pakistan. Our question was simple, who has the best banking app in the country and what makes the app so good? To get to the bottom of this, our team crafted a series of criteria ranging from UX design to glitches, functionality, and ease of access. 

The results were very clear. After speaking to the experts and conducting thorough research, the number one banking app in Pakistan by Profit’s ranking belonged to Meezan Bank. In fact, Meezan scored an overall 21 points (out of a possible 25 total points) which ended up being the highest. In an article that was fairly critical of other banking applications, we assumed that the digital section of the bank would be pretty chuffed by the review. 

We were wrong. In subsequent conversations with officials from Meezan, Profit’s correspondent was told that the bank thought they deserved to get all 25 of the points that were available. That is how proud they were of their app and confident in the product they had built. 

However, less than two years later, Meezan’s banking app has been the source of great frustration as per some customer testimonials that have come in recent times. And it isn’t just Meezan. Similar complaints have come forward for various banking apps. Almost all banks across the country are trying to strike a balance between robust security measures to keep their clients safe and giving them a seamless experience.

Recent updates aimed at bolstering security have inadvertently disrupted this seamless experience. Mobile banking customers have encountered obstacles in accessing their accounts via their beloved mobile banking apps. The culprit? Enhanced security measures, including the requirement to share location data. Some other measures have also been introduced. 

The allure of mobile banking applications lies in their unparalleled convenience, allowing users to access banking services with a simple tap of their fingertips. Individuals sitting continents apart could seamlessly navigate their banking needs, even transferring funds between accounts in different countries with ease. For instance, a resident of the UK could effortlessly manage their Meezan Bank account or any other local bank account through a mobile application.

But what will happen to mobile banking if this balance cannot be found?  

Possibly the most important factor 

A lot has changed in the financial services realm of Pakistan. Twenty years ago, when a young professional starting their first job or a small business owner went to open their first bank account, how would they know what bank to give their business to? The very basic factors they might have looked at back then is which banks would charge lower fees and interest rates, which bank has better-trained staff, and which bank might offer better security, discounts and services. Realistically speaking, in Pakistan, another concern might have been which bank was close to the person’s house or place of work — considering the hell that is in Pakistan the concept of “kaam sirf original branch sai ho ga.”

Much has changed since then. In fact, for most people hoping to sign up for financial services today the first question they ask of a bank or a fintech is – how easy and reliable is your mobile application? That is because as the ‘banked’ population of the country grows, the demographic of people that need financial services is also changing. This means that there are new priorities. For most people, quick and simple transactions on a reliable mobile phone application are key.

The initial beginnings of it started as access to the internet improved. Since the launch of 3G and 4G services in 2014 in Pakistan, the broadband landscape in Pakistan has undergone significant transformation. According to the Pakistan Telecommunication Authority (PTA), broadband subscriptions, encompassing both mobile and fixed services, have grown remarkably over the last five years. 

Mobile broadband subscriptions surged by an impressive 125%, increasing from 56.5 million in the fiscal year 2017-18 to an outstanding 127 million as of September 2023. Fixed broadband subscriptions also demonstrated reasonable growth, rising by 49%, from 2.3 million in the fiscal year 2017-18 to 3.2 million in the fiscal year 2022-23. The overall broadband landscape, encompassing both mobile and fixed subscriptions, has expanded significantly by 121.6%, reaching 130 million by September 2023, compared to 58.7 million in FY 2017-18. 

These statistics emphasise the growing significance of broadband services in Pakistan’s digitally connected society.

By the end of February 2024, the number of 3G and 4G users in Pakistan increased to 132 million from 128.79 million by the end of January. According to the SBP, Pakistan’s population is 241.5 million. This means that access to 3G/4G has penetrated to almost 55% of the population. 

This permeability has meant that banking through phone applications has become more common. And that is evident from the number of mobile application and internet application users. According to the State Bank of Pakistan, the the number of internet banking users and mobile banking users has increased in the last five years. 

Internet banking users have grown by 25% in the last five years between fiscal year 2018 and fiscal year 2023. Whereas, mobile banking users have grown by a whopping 36% in the last five years between fiscal year 2018 and fiscal year 2023. At the end of December 2023, total mobile banking and internet banking users stood at 16.3 million and 10.8 million respectively. 

As the user base swelled, so too did the frequency and value of transactions. In the last five years between fiscal year 2018 and 2023, internet banking transactions volume and value have grown by 41% and 67% respectively. 

By December 2023, internet banking transactions surpassed 107 million transactions worth Rs 10,035 billion. And these figures represent the culmination of just six months. 

Likewise, over the span of the last five years, from fiscal year 2018 to 2023, the volume and value of mobile banking transactions experienced a meteoric rise. The volume of transactions surged by an astonishing 98%, while the value skyrocketed by an impressive 125%. These numbers paint a vivid picture of an exponential expansion, nearly doubling the growth seen in internet banking over the same period. 

By December 2023, 497 million transactions worth Rs 19,871 billion were conducted through mobile banking. 

Mobile banking applications

As the wave of digitization swept through the financial sector, banks wasted no time in adapting to the changing landscape. Today, it’s almost a given that every bank boasts its own sleek mobile application, to cater to the digital needs of its clientele. Banks doubled down their efforts to meet these evolving demands. After all, it’s these very services that will serve as the driving force behind deposits in the decades to come.

In Profit’s earlier story, we analysed, rated, and ranked eleven different applications used for financial services. Of these, seven are applications that belong to some of the largest commercial banks in Pakistan. These included Habib Bank Limited (HBL), Allied Bank, United Bank Limited (UBL), Bank Alfalah, Standard Chartered Bank (SCB), Meezan Bank, and Faysal Bank. the analysis also included fintechs Sadapay and Nayapay as well as the two largest telco ‘banks’ JazzCash and Easypaisa. 

Read: How good is the bank in your hand?

We devised a simple checklist for services provided by these apps like bank management options, funds transfers, mobile top-up, QR code payments, bill payments, biometric verification, and a customer support mechanism. In addition to this checklist, Profit’s team used each one of the applications and tried out a predetermined set of functions. These included transferring money, paying bills, mobile credit, accessing bank statements, and assessing the response time of the app.

In our analysis, we rated some apps higher than others. The apps that received the highest rating included two mobile banking apps – Meezan Bank, and UBL – among others. The reasoning behind the high rating was simple: these apps were intuitive and easy to use and covered most of the services. In fact,  it is not just who considered these banking apps as better, some of the banks even won accolades for the best digital banking services in recent years including UBL, Meezan Bank, HBL, and Bank Alfalah.

However, recently banking applications have come under the radar for introducing features that hinder convenience for a user and have made banking on the go impossible for users. One such feature, or shall we say hindrance, is the mandatory condition of sharing location while using the mobile banking application. Banks are asking permission to access locations. 

In the case of Meezan Bank, users cannot use the app unless users permit sharing locations. Moreover, if a user wants to add a new payee account, it can only be added through the mobile app. So if someone uses a web application, in other words, internet banking, they would still need to add new payee account information through the mobile app only then can they transfer funds through the web app. Moreover, one needs to wait for two hours to add a new payee. 

Similarly, UBL has also started to ask for locations. If one reinstalls the app, they cannot pass through the login page unless they allow location sharing.

Some of the banks have gone a notch up in-app security. For example, Askari Bank locks users out of the device if the device they use is not biometrically verified in the bank branch or through in-app verification. In the case of UBL, one cannot access the reinstalled app unless the SIM is in the same smartphone. 

These regulations have created problems for banks’ customers living abroad who are unable to access and use the app from outside Pakistan, and are forced to resort to internet banking which again is not convenient as the users cannot add a new payee as mentioned earlier. Earlier we mentioned that mobile banking transaction value and volume have grown at a double the rate than internet banking transactions. However, with these new restrictions, it won’t be surprising to see internet banking transactions jumping up in the coming quarters. 

The restrictions are a necessary evil 

So far we have come to know that banks have incorporated some security measures like mandatory location sharing to access the mobile banking app. But why have they added such restrictions?

Profit reached out to Meezan Bank to find out why this restriction was added. The official bank response was: “The implementation of the NADRA Biometric Verification System (BVS) feature is required as per regulatory requirements outlined in SBP BPRD Circular-4. This verification is necessary to prevent the misuse of the service. The restriction was added to enhance the security of the mobile banking app and protect users’ sensitive information, thereby adding an extra layer of security to prevent fraudulent activities”.

The answer lies in the State Bank of Pakistan’s regulations. In April 2023, the SBP prepared a set of control measures to enhance the security of digital banking products and services. All banks and microfinance banks were advised to follow and implement these controls by December 31, 2023. In case a bank failed to implement these controls, it would be held responsible for lost customer funds stemming from delayed control measures and would be liable to compensate its customers. 

Hence, location sharing is mandated as a regulatory requirement for all banking apps by the State Bank of Pakistan (SBP) through BPRD Circular 4 of 2023. But how does location sharing enhances the security for a bank app user?

As per the bank, the provision of location data assists investigating agencies in gathering evidence following a customer-reported fraud incident. Moreover, it enables banks to verify that transactions originate from the user’s trusted device rather than a compromised device or an unexpected location. This additional security layer aids in mitigating fraudulent activities originating from unknown or simultaneous locations, facilitated by advanced fraud management systems.

It is not surprising that the SBP felt the need for these controls. As digital banking has increased so have the online banking frauds. In the last year alone, over 30,000 complaints of financial scams were registered. As per a report by Express tribune, the most reported cases of cybercrime in Punjab, during the past 5 years, are of financial and electronic fraud, with a rate of 15 to 19 cases per day. A breakdown of the number of such incidents from 2018 to August of 2023 shows that a total of 31,930 incidents were reported in five years: 657 in 2018, 2,005 in 2019, 7,055 in 2020, 9,818 in 2021, 9,492 in 2022, and 10,000 reported until August of 2023.

Therefore the SBP decided to fortify its defences with a series of new measures. While well-intentioned, these regulatory actions have inadvertently complicated the landscape of online banking. In an economy where a significant portion of the population remains unbanked, excessive regulation risks becoming counterproductive, potentially deterring people from embracing the benefits of digital banking. 

Mariam Umar Farooqhttp://profit.com.pk
The author is a business journalist and a member of the staff. She can be reached at [email protected]

2 COMMENTS

  1. Meezan was the most liberal when it came to funds transfer no confirmation or OTP needed – voila. Now it wants to do a biometric on the app – it has completely lost the plot

LEAVE A REPLY

Please enter your comment!
Please enter your name here

Popular Posts