EXECUTIVE SUMMARY:

Mobile banking is intended to improve satisfaction for both clients and institutions, speeding up consumers’ interactions and reducing the volume of clients that tellers must serve. Banking applications rank among the most popular apps for American consumers, with nearly 70% of millennials reporting use of personal banking applications. Recently, widespread security flaws were discovered within these apps, potentially eroding institutional credibility.

A white hat senior analyst reports that “…it took me 8.5 minutes on average to crack into an application and begin to freely read the underlying code, identify APIs, read file names, access sensitive data and more,” during recent banking app security investigations, signaling the depth of the security trouble. Access to the source code means that a malicious actor can control where data is transmitted and can subsequently use the data for nefarious purposes.

The investigation examined 30 Android apps across financial services verticals, with companies ranging in size from SMBs to those with more than $10 billion in market capitalization. The investigators found weaknesses in 83% of the apps tested. iOS apps were not scrutinized due to time constraints, but are predicted to exhibit the same issues.

In the rush to remain competitive, some institutions push out apps with coding inaccuracies. To guard against mishaps and fraudulent transactions, it’s imperative that we:

  • Pass legislation requiring stronger security protocols
  • Mandate a range of vulnerability testing requirements
  • Pressure banks to offer real-time text and email alerts
  • Secure third-party access portals

An enterprise that manages IT risk effectively can expect greater longevity.

Get the full story at TechRepublic.