Eight out of ten apps

Author: Clayton Locke

How much do you trust your mobile banking app?

According to a recent Praetorian report, eight out of ten mobile banking apps contain design weaknesses that compromise security. The report finds a correlation between security vulnerabilities and inexperienced mobile development teams. All mobile banking apps get tarred by the insecure apps produced by teams who lack either the resources or the experience to develop them properly. As an industry, we must address this issue. After all, another recent study reports that while the majority of consumers are willing to use their mobile device to manage their finances, only a quarter are happy to use it to make a payment, because of security concerns. So, what can banks and the rest of our industry do to give consumers peace of mind and help turn the minority into the majority?

The short answer is certification. Apps should be not just tested internally, but externally audited and certified, much as we currently do with our PCI certification. Hackers are becoming increasingly sophisticated, so all mobile banking apps must be constantly tested for weak points – and as an industry we would be wise to consider a certification process that an app must complete annually in order to achieve a “Secure Mobile Banking App” status. We all do penetration testing and ethical hacking; why not centralise this as a shared service across the industry?

With pioneering security features such as fingerprint and retina scanners beginning to make their way into mainstream mobile devices, there are also new opportunities to actually strengthen mobile security over other banking channels. The European Central Bank’s mobile banking and payments recommendations in January will help with this – by establishing much-needed agreed industry standards. Savvy banks will use them as an opportunity to innovate and integrate new forms of authentication into their login process. Doing so not only has the potential to make mobile banking apps easier for consumers to use, but could also greatly enhance their security.

Ultimately, with smartphones on the verge of outnumbering people, it is inevitable that more and more consumers will want to manage their finances with the touch of a button – but it’s up to the industry to make sure they can do so knowing their money is in safe hands.

16 Dec 2013
