In its latest report, entitled The impact of annual summaries, text alerts and mobile apps on consumer banking behaviour, the UK’s Financial Conduct Authority (FCA) has found that mobile banking apps and text alerts are the best way to help customers manage their finances better. Tom Lysemose Hansen, founder of application security specialists Promon, has said that this reinforces the need to make sure that the most used method of banking is also the most secure.
Tom explained, “This report provides further weight to the argument that consumers no longer view banking applications as nice-to-have novelties. It is clear that they are an integral part of customers’ day-to-day banking experience.”
Tom continued, “The rise in popularity of mobile banking applications has shifted the balance to exploiting the value of these apps in terms of consumer convenience, rather than curtailing the security risks involved. Application security testing can be challenging and is often carried out by developers who are focused upon the functionality of the applications, not the security.”
Tom said, “Large-scale migration to mobile banking carries with it a corollary statement that unmapped viruses have emerged and firewalls no longer offer sufficient protection to consumers. Applications need to be both self-aware and self-protecting and the threat of mobile viruses, Trojans, spyware, and malware needs to be tackled head-on.”
Tom explained, “To illustrate we can look at Trojan / Man-in-the-Browser (MiTB) attacks. They are far from a novel concept and the risks and dangers have been understood for some time now. However, Man-in-the-App (MiTA) is today’s MiTB, and the convenience of these applications has led to a degree of corporate memory failure regarding past experiences with MiTB and how to counter similar threats today.”
Tom continued, “The infiltration of mobile banking applications has become all too simple for cybercriminals; the apps are lacking defense against malware and are therefore highly vulnerable. Given the findings of the FCA report for both day-to-day use and larger transactions, banks and their customers should be very concerned.
“The increased risk facing transactions, sensitive information and even mission-critical systems within the mobile banking world cannot be ignored. Mobile banking is a hotbed for cyber criminal activity and a security-led approach focused upon vulnerabilities rather than threats is fundamental to its sustainability as a viable channel for conducting our financial affairs,” Tom concluded.