PaymentsJournal
SUBSCRIBE
  • Analysts Coverage
  • Truth In Data
  • Podcasts
  • Videos
  • Industry Opinions
  • News
  • Resources
No Result
View All Result
PaymentsJournal
  • Analysts Coverage
  • Truth In Data
  • Podcasts
  • Videos
  • Industry Opinions
  • News
  • Resources
No Result
View All Result
PaymentsJournal
No Result
View All Result

2 out of Every 3 Banking Apps Prove Vulnerable to Common Hacks

Tim Sloane by Tim Sloane
July 20, 2017
in Analysts Coverage
0
Mobile banking
0
SHARES
0
VIEWS
Share on FacebookShare on TwitterShare on LinkedIn

While banking apps can be very convenient, they also come with some risks. One of the most serious risks is security. Hackers can target banking apps in order to try and access sensitive customer information. In some cases, they may even be able to take over customer accounts and drain them of funds.  

This article in Information Age indicates that while the total number of critical vulnerabilities discovered by Positive Technologies annual review fell, the severity of the remaining vulnerabilities increased:

“The total number of critical vulnerabilities in financial applications fell in 2016, however the overall severity level of the identified vulnerabilities grew significantly.

The most common vulnerabilities relate to flaws in mechanisms for identification, authentication, and authorisation of users with two in three remote banking applications vulnerable to brute force attacks. These are the findings detailed in a report, published today by Positive Technologies, of its financial application security assessments performed throughout 2016.”

Exactly what types of apps were included in this study is unclear, but it appears to include most financial apps, including wallets and mobile banking. The types of vulnerabilities were also described briefly:


“The assessment of banking applications in 2016 demonstrated that the share of critical vulnerabilities grew by 8%, and medium-severity vulnerabilities by 18%. Production systems had an average of twice as many vulnerabilities as those still in development. Applications developed by third party vendors had on average twice as many vulnerabilities as applications developed in-house.

Most online banking applications (71%) contained flaws in their implementation of two-factor authentication. 33% of online banking applications had vulnerabilities that made it possible to steal money, and in 27% of applications, an attacker could access sensitive client information.

Mobile banking applications also have issues with an attacker able to intercept or brute force user credentials to one in three apps. Banking apps on iOS remain more secure than their Android equivalents. The real problems in protection lurk on the server side: Positive Technologies’ researchers found dangerous server-side vulnerabilities in every application tested.”


The research conducted this year also included testing the security of backend systems and that didn’t go well either:
“This years’ report also includes statistics of security within automated banking systems, usually thought to be beyond the reach of external attackers. Two thirds of the vulnerabilities found within automated banking systems were critical, some even allowing administrative server access. With this level of access, an attacker could conduct fraudulent transactions yet remain unnoticed.The possibilities for such fraudulent transactions are practically limitless: attackers could create new accounts, change their balance, or create counterfeit payment transfers to other institutions.


‘In our analysis of 2016 incidents,’ said Evgeny Gnedin, head of security analytics at Positive Technologies, ‘we note that targeted attacks against banks often used these possibilities.’ ”

The press release that includes a link to the report PDF can be found here: 

Overview by Tim Sloane, VP, Payments Innovation at Mercator Advisory Group

Read the full story here 

Tags: BankingFraud Risk and AnalyticsMobile
0
SHARES
0
VIEWS
Share on FacebookShare on TwitterShare on LinkedIn

    Analyst Coverage, Payments Data, and News Delivered Daily

    Sign up for the PaymentsJournal Newsletter to get exclusive insight and data from Javelin Strategy & Research analysts and industry professionals.

    Must Reads

    Google Wallet Expands Features

    Google Wallet Continues to Bet on Digital with Expanded Features

    June 2, 2023
    digital value

    How Embracing Digital Value Can Help Solve the B2C Payments Conundrum

    June 1, 2023
    instant payments, real-time payments, RTP

    Banks Developing Instant Payments Products in the U.S. Should Focus on Billers to Generate New Revenue Streams  

    May 31, 2023
    Digital Wallet Use Delivers on Convenience and Security

    Digital Wallet Use Delivers on Convenience and Security

    May 30, 2023
    5 Ways to Protect Your Financial Institution from a Cyberattack

    5 Ways to Protect Your Financial Institution from a Cyberattack

    May 26, 2023
    traditional banks

    How Traditional Banks Can Modernize Without Risk

    May 25, 2023
    identity fraud

    Javelin’s Identity Fraud Study Highlights the Changing Nature of Fraud

    May 24, 2023
    SASE, security-as-a-service

    Security-as-a-Service Secures
    Distributed IT Models

    May 23, 2023

    Linkedin-in Twitter

    Advertise With Us | About Us | Terms of Use | Privacy Policy | Subscribe
    ©2023 PaymentsJournal.com

    • Analysts Coverage
    • Truth In Data
    • Podcasts
    • Videos
    Menu
    • Analysts Coverage
    • Truth In Data
    • Podcasts
    • Videos
    • Industry Opinions
    • Recent News
    • Resources
    Menu
    • Industry Opinions
    • Recent News
    • Resources
    • Analysts Coverage
    • Truth In Data
    • Podcasts
    • Industry Opinions
    • Faster Payments
    • News
    • Jobs
    • Events
    No Result
    View All Result

      Register to download this complimentary report from CSG Forte: