Privacy protection in the mobile ecosystem is a critical factor that organizations must prioritize when developing authentication strategies. This is essential not only to safeguard customer trust but also to ensure regulatory compliance. Ultimately, identity verification processes are designed to protect users and their data, beginning with obtaining explicit consent for required actions.
It’s important to note that privacy safeguards in the mobile environment dictate how the information provided by individuals seeking access can be used, stored, or shared.
A 2023 Cisco survey revealed that consumers, especially those in younger generations, are increasingly proactive about protecting their privacy. The survey found that:
At the same time, mobile devices connected to the Internet remain vulnerable to targeted attacks and security threats. According to Kaspersky, cyberattacks surged significantly in 2023, reaching nearly 33.8 million incidents—a 50% increase compared to the previous year.
A Delicate Balance
This challenging landscape requires companies offering financial mobile applications to walk a fine line, as they must simultaneously ensure:
Additionally, app developers must adhere to regulatory requirements. For example, Europe's General Data Protection Regulation (GDPR) enforces stringent rules on how personal data is collected, stored, and processed. Non-compliance can result in substantial fines and legal consequences.
Levels of Consent
As Gabriel Chapt, CEO of Plusmo, explained during a webinar on mobile identity, "Some applications may operate under the concept of legitimate interest, which relates to protecting usage and involves general user consent. However, more precise consent is required for specific APIs (application programming interfaces)."
Mobile identity authentication services delivered via APIs must begin with explicit customer consent. This ensures that, for example, a telecom operator is authorized to share a user’s location, enabling banks or fintech providers to enhance the security of transactions.
Mobile ID services are delivered through APIs under the GSMA-led Open Gateway initiative; the entire process is standardized within a shared framework.
At Plusmo, we are at the forefront of developing authentication services for the mobile environment. We assist organizations in seamlessly integrating these solutions into their identity verification processes.