Zero-Trust Architecture in Consumer Mobile Banking Applications

Authors

  • Abdullah Tariq Mobile Engineering Author

DOI:

https://doi.org/10.51137/wrp.ijmat.597

Keywords:

Zero-Trust Architecture, Mobile Banking Security, Continuous Authentication, Micro-Segmentation, Financial Cybersecurity

Abstract

The proliferation of consumer mobile banking applications has created an expanded attack surface that traditional perimeter-based security models are ill-equipped to address. This study investigates Zero-Trust Architecture (ZTA) implementation within consumer-facing mobile banking environments through a mixed-methods design combining systematic literature review with empirical analysis across eight leading financial institutions. Results demonstrate that ZTA-compliant applications reduce successful credential-based attacks by 89% and lateral movement incidents by 94% compared to legacy models. Continuous device posture assessment frameworks achieve 96.4% anomaly detection accuracy while adding fewer than 120 milliseconds of authentication latency. Micro-segmented API gateway architectures reduce the blast radius of compromised sessions by 78%. A layered ZTA implementation incorporating continuous authentication, least-privilege access enforcement, and real-time behavioral analytics delivers optimal security outcomes for modern mobile banking ecosystems without materially degrading user experience.

Published

2026-03-20

Section

Original Research Paper

How to Cite

Tariq, A. (2026). Zero-Trust Architecture in Consumer Mobile Banking Applications. International Journal of Mobile Applications and Technologies, 2(1). https://doi.org/10.51137/wrp.ijmat.597