Do biometrics provide super security for super apps?

April 21, 2022

Super apps have taken the world by storm, with companies like WeChat, Alipay, and Grab already dominating the Asian market and making headway into the West. The race to meet consumer demand is so fierce that tech giants like Uber, PayPal, and Facebook are building super apps of their own.

Before the tech giants can take over the American market, banks have been quick to join the game rather than play it safe by standing on the sidelines and waiting to see what happens. In order to attract new business and maintain their customer base, banks need to offer a wide variety of services on their mobile platforms.

This is all in an effort to earn a coveted spot on a person’s home screen, as one of the nine apps, on average, that they use on a regular basis. On top of that, when customers interact with a bank’s app more frequently, the bank gets to know them better (or at least their data). More data means more insight into what products and services to offer at what time, and how to enhance the overall customer journey.


Data privacy and security in super apps

While the growing super app trend is very exciting for enhancing the user experience, as well as company bottom lines, risk management against fraudsters needs to be at the forefront of development. The risk of being attacked inside a super app is much larger than inside a single-purpose app.

Super apps are a goldmine of information compared to a single-purpose app, which makes them that much more lucrative to criminals who manage to get access. The sensitive personal identity information that super apps collect includes contact lists, IP addresses, chat histories, web search terms, bank details, transactions, and more.

By design, super apps integrate and heavily rely on external, third-party features like mobile payments, loyalty programs, money transfer, and mobile wallets. There is little to no control over how these third parties use or protect a person’s data. Each merchant and technical partner connected to the super app differs in how it stores and shares personal information. Putting all these apps into one basket means an increased risk of exposed APIs, potentially incompatible security models, and leaks of sensitive data. Additionally, just like any other app, a super app cannot guarantee that it is being used by a real person on a real device. There are a myriad of ways to hack the system and break into these independently operating components.

Increasing security measures in super apps

Mobile malware attacks are increasing, with 156,710 mobile banking trojans identified in 2020 alone. In general, many banks remain underprepared for mobile risks. By entering into the super app market, banks are exposing themselves and their customers to even greater threats. To successfully bring the first financial super app to market in the U.S., banks need to strengthen their mobile application security by incorporating new biometric authentication technology and techniques.

Multi-factor and passwordless authentication is a company’s best bet for securing its apps from fraudulent activities and attacks. The downside is that greater security can strongly interrupt the customer’s experience on the app, even to the point of abandonment. In a survey conducted by the Aite Group, a third of respondents predicted that a stronger customer authentication process would lead to a 10% decline in e-commerce conversions. In order for super apps to offer seamless customer experiences, businesses need to strike a balance between protection and ease of use.

Striking a balance using biometrics

It’s common nowadays for anyone with a smartphone to be able to access their device with fingerprint authentication or Face ID. Biometrics is the use of these unique biological markers as a means of identity verification and authentication. As of late, biometrics has evolved to include more advanced physical (e.g. retina, vein patterns) and behavioral indicators (e.g. gestures, keystrokes, signatures) to verify and authenticate a person's identity. With biometrics becoming more affordable and secure, this technology is becoming the preferred security measure.

The same mentality applies to super app security. Biometric verification provides an extra layer of user authentication without the added layer of unnecessary friction. While static passwords and one-time passwords account for 45% of cart abandonment cases, that figure is less than 5% for biometric security methods. IT leaders also have faith in the technology, predicting it to be the dominant authentication method for financial transactions within the next 10 years. It’s a key component in reducing the trade-off between fraud, security, and customer experience. It’s super security for super apps. As an example, WeChat has already implemented biometrics, specifically facial recognition, into their platform as a means to authenticate its users before transactions are finalized.


The dark side of biometric data

To some, the use of biometric data in everyday life may evoke anxiety, and for good reason. It’s increasingly evident that biometric systems, such as facial recognition technology, result in high levels of demographic and racial bias.

Yes, bias can occur even within an algorithm-based, machine-learning operation. It becomes obvious when you consider how an automated biometric system works. A capture device (e.g. a camera) acquires a biometric sample (e.g. an image), which is then passed on to signal processing algorithms that extract regions of interest and distinguishing features (e.g. a face) in order to analyze the quality of the sample. Afterwards, comparison and decision algorithms determine the similarity of the sample to an image/template previously stored in a database. Unfortunately, many of those databases lack diversity. These programs have been shown to exhibit some degree of bias towards specific demographics, including females, dark-skinned ethnicities, and youths. This can lead to the wrongful exclusion of customer access to essential banking services like credit cards, insurance plans, and loans.

Biometric technology is taking us into the future of digital identity and protection, but it has its advantages and disadvantages. To be most effective, biometric solutions need to be paired with other means of authentication, such as document authentication, in order to compensate for these continually developing algorithms.
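The comparison-and-decision step described above can be audited per demographic group. The following is an added example, not part of the original article: it computes the false non-match rate (genuine users rejected) and false match rate (impostors accepted) for each group at one shared threshold, and routes near-threshold scores to a second factor such as document authentication. The group names, scores, threshold and margin are constructed for illustration.

```python
from collections import defaultdict

# Constructed comparison trials: (group, is_genuine, similarity score in [0, 1]).
# Group names and scores are invented for illustration only.
TRIALS = [
    ("group_a", True, 0.91), ("group_a", True, 0.88), ("group_a", True, 0.79),
    ("group_a", True, 0.84), ("group_a", False, 0.32), ("group_a", False, 0.41),
    ("group_a", False, 0.28), ("group_a", False, 0.55),
    ("group_b", True, 0.74), ("group_b", True, 0.61), ("group_b", True, 0.83),
    ("group_b", True, 0.58), ("group_b", False, 0.47), ("group_b", False, 0.72),
    ("group_b", False, 0.36), ("group_b", False, 0.51),
]


def error_rates(trials, threshold):
    """Per-group FNMR (genuine users rejected) and FMR (impostors accepted)."""
    counts = defaultdict(lambda: {"gen": 0, "fnm": 0, "imp": 0, "fm": 0})
    for group, genuine, score in trials:
        c = counts[group]
        accepted = score >= threshold
        if genuine:
            c["gen"] += 1
            c["fnm"] += not accepted   # genuine sample below threshold
        else:
            c["imp"] += 1
            c["fm"] += accepted        # impostor sample at or above threshold
    return {
        g: {"fnmr": c["fnm"] / c["gen"] if c["gen"] else None,
            "fmr": c["fm"] / c["imp"] if c["imp"] else None}
        for g, c in counts.items()
    }


def decide(score, threshold, step_up_margin):
    """Accept, reject, or fall back to a second factor for near-threshold scores."""
    if score >= threshold:
        return "accept"
    if score >= threshold - step_up_margin:
        return "step_up"   # e.g. document authentication instead of outright denial
    return "reject"


if __name__ == "__main__":
    for group, rates in error_rates(TRIALS, threshold=0.70).items():
        print(group, rates)
```

On this constructed data the same threshold rejects half of group_b's genuine users while rejecting none of group_a's, which is the kind of gap a per-group audit is meant to surface before deployment.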

What’s next for super app security?

As consumers rely more on their devices and spend more time in the digital space, they are also asking for more from their apps: more features, more convenience, and more security. Whether banks or financial service providers decide to develop their own super apps in order to expand their portfolio of online services, or partner with businesses that are further along the super app road, they will need to ensure the security and privacy of customers’ data. The concentration of financial services within a few critical apps is a cybercriminal’s utopia. But with multi-factor or multimodal authentication solutions like biometrics, the wall of security will be incredibly tough to break through. The power of a super app must not lie in its usability alone, but also in its well-designed security systems. Without them, businesses and consumers alike cannot truly accept in confidence that these all-in-one platforms will actually enhance the digital experience and overall journey.
