The Bottom Line
Mobile banking apps: Balancing convenience, security and access resilience
By Diane Silcock and Robin Dunbar
AS banking apps become increasingly sophisticated, financial institutions face mounting pressure to deliver frictionless digital experiences without compromising the security and trust on which customer relationships depend.
Many small and medium businesses rely on their cellphones to perform daily business banking transactions via a banking app and to obtain One-Time-PINs. But have they considered how they will conduct their banking in the unlikely event that their cellphone is stolen or damaged? For a business owner, this scenario could bring essential transactions to a halt.
The dilemma of the OTP
How do you receive an OTP without your cellphone when your bank will not email the OTP for security reasons? Or, in the case of some banks, how do you access internet banking from your laptop without an OTP from your now stolen or damaged cellphone? The dilemma is clear.
Some of South Africa’s banks appear to be divided on the matter of OTPs. Capitec says that it has ‘largely moved away from SMS OTPs because of inherent security risks’, FNB will send OTPs via SMS, but not via email, while Standard Bank allows OTPs to be sent via email.
The balance between convenience and security
South Africa’s banks are clearly dedicated to ensuring a secure digital banking experience, particularly with the rise in cybercrime. But when complexities outweigh convenience, and processes and protocols hinder a client’s banking experience or render them unable to transact, it’s time to rethink.
As bank apps become more complex, more vulnerable groups become greater targets for cybercrime. It’s noteworthy to mention Dr Nondumiso Ndlovu’s PhD research on how elderly users in Hammarsdale township are ‘navigating the complex and increasingly perilous world of e-banking’.
She makes the point that ‘banks must not assume a one-size-fits-all approach to digital adoption. By addressing the unique vulnerabilities faced by older users, we can ensure that digital financial services become a tool for inclusion – not exploitation’.
Standard Bank says, “We recognise these challenges and remain deeply committed to safeguarding our clients, particularly pensioners, against evolving fraud tactics. Our commitment is reflected not only in ongoing investment in advanced security controls, but also in our extensive fraud awareness efforts and client education initiatives.”
Capitec states: “In 2025, our AI tools blocked 80 000 mule accounts and stopped 200 000 payments to scammer accounts. We have invested significant time and resources into fraud prevention technologies, initiatives and education. Combined, our security tools and teams prevented over R300 million in client fraud in 2025.”
These initiatives are vitally important to safeguarding business and personal accounts, but simplicity and finding the right balance between convenience and security should ultimately be the goal when it comes to banking apps and any form of digital banking.
The bottom line is: Convenience without contingency is not innovation — it is risk. If a client can be locked out of their account because of an app outage, a lost cellphone, or a system failure, then the system is fundamentally incomplete.
Banks cannot expect customers to operate in a single-channel ecosystem with no practical fallback. A secure, verified email alternative — backed by strengthened authentication protocols — should not be optional; it should be standard.
True digital leadership is measured not by how sleek the app is when it works, but by how resilient the system is when it doesn’t.
