Citi's confession this week that a glitch in its iPhone application was saving customers' personal information on their phones was a wake-up call for other banks who customize or develop their own mobile banking code, according to Alex Kwiatkowski, principal analyst - financial services technology at Ovum, who spoke to us this morning.The Citi event was not the crisis the media made it out to be, we agreed. The bank immediately created an upgrade to the software that fixed the problem and sent out letters advising customers to download the new version, with an explanation of why. "In the grand scheme of things, Citi's reaction was exemplary," Kwiatkowski says. "It's a good example of what to do when something goes wrong. Their actions leading up to that, not so much," he says, referring to the fact that, naturally, it would have been better if the bank had tested the application enough to see the problem before releasing it.
This incident should serve as a warning to other banks who don't want to be subject to the kind of negative headlines and customer concern Citi has suffered this week. In all the momentum that's been accelerating mobile banking releases, "we must never suspend reality and forget security in banking transactions," Kwiatkowski says. "The minute that principle is forgotten we find difficulties. It's a good reminder to banks to do their technological housekeeping."
Most banks get their mobile banking applications from specialized vendors such as mfoundry, Clairmail, Obopay, and Monitise, as well as from core banking providers such as Fiserv who have added mobile banking to their huge stack of application. These vendors thoroughly test their applications over multiple devices, Kwiatkowski says. It's when banks customize the underlying code of these apps or try to quickly build their own that they run into trouble, he says.
It's understandable that banks would want to differentiate their mobile banking offerings, especially for that group of customers for whom mobile banking is their primary means of contact with the bank. "Different can be great, but it's not always good," Kwiatkowski says. "Why are you doing it - is it customer demand you're responding to or do you think you need to be different? Unless you're an expert coder familiar with mobile banking apps, and not too many banks have that, it's a risky venture."
That said, Kwiatkowski believes the Citi episode is an isolated incident. "Could it happen again? Of course. Will it? I'm leaning toward unlikely," he says. "But it's a timely reminder not to lose sight of making sure you have appropriate levels of security, as you would for any banking transaction channel."