Launch of the Latest Security Report on Bank Apps in APAC at Singapore FinTech Festival

By LTP

The rapid digitization of consumers and enterprises will increase the cost of data breaches to USD 2.1 trillion globally by 2019 from USD 500 billion in 2015 – affecting mainly large banks, retailers and federal agencies as per Forbes Inc. One of the recent cyberattacks that happened at one of Australia’s largest banks in 2016 was done by a malware attack using an Android mobile application. The virus presented a fake version of the login screen and intercepted the username or account number and password. The sophistication of this malware enabled it to intercept the two-factor authentication (learn more here) code sent by banks.

About 2 billion consumers will be smartphone-enabled by the end of the year, which will give them the ability to make real-time payments, instantly generate bank statements amongst other sensitive transactions inside their mobile banking applications. According to the Mobile Banking Report, “Mobile is already the largest banking channel for the majority of banks by volume of transactions and it’s growing rapidly, with an exponential increase in mobile banking users predicted over the next five to ten years.” To keep up in this technological race, most of the banks are heavily investing in developing their mobile banking applications or acquiring small companies which provide them with a technical edge. While adapting new technologies to the conventional way of doing business, one of top three priorities of banks and credit unions have been mitigating cyberattacks, according to a survey conducted by CSI (Computer Systems Inc.), a financial technological provider in 2016 to highlight the greatest risks and challenges for banks and credit unions.

Appknox, a cloud-based security app solution located in Singapore, has released a report to understand the threats and vulnerability of 106 mobile banking applications in Asia. The tests were done on banking mobile applications based on the Android operating system and available for use in the APAC on the Google Play Store. The apps were analyzed across 14 different threat scenarios that could cause security lapses. Appknox conducted these tests using the URLs (binary versions) of the apps, without even having access to the source codes, which indicates the seriousness of these issues.

The report reveals that 85% of mobile banks were vulnerable to high, medium and low security loopholes and over 50% of apps were found to have at least four to six bugs in them.

Here are the key threats to the mobile banking applications that were studied:

  • 13% of the mobile banking applications had broken trust for SSL
  • 15% of the mobile banking applications had Remote Code Execution through the Javascript interface
  • 10% of the mobile banking applications had insufficient Transport Layer Protection
  • 12% of the mobile banking applications had derived crypto keys
  • 26% had other threats that could harm the security of their mobile banking applications

Mobile apps have become an integral part of digital banking strategy and despite increased security measures, hackers have found their ways around it. It is vital that banks pay importance to security while adopting new technologies to ensure maximum customer satisfaction and protection.

First appeared at LTP