Sorry, you need to enable JavaScript to visit this website.

CyberScout is the nation’s premier consultative provider of identity and data risk management, resolution and education services.

Report Shows Major Security Holes in Banking Apps

Report Shows Major Security Holes in Banking Apps
April 15, 2019

A security analysis of 30 major banking and financial apps has shown major security holes and a lax approach to protecting user data.

The analysis was conducted by the Aite Group, which looked at mobile apps in eight categories: retail banking, credit cards, mobile payment, healthcare savings, retail finance, health insurance, auto insurance and cryptocurrency.

Among the most alarming finding was the practice of embedding and hard-coding of private certificates and API keys into banking apps. API keys and certificates are the primary means of authenticating a user’s identity and determining their level of access to data; leaving hard-coded versions on an app makes access significantly easier for a would-be hacker to gain far too much access to the data underpinning the apps themselves.

Other findings included improperly secured database commands (capable of allowing man-in-the-middle attacks), weak encryption, and the ability to reverse-engineer the app code into a readable format.

Aite declined to identify the companies behind the apps researched or say whether they had warned the companies about the security holes discovered in their apps.

Read more about their report’s findings here.

Offer 24/7 CyberScout Protection

CyberScout's partnership options help you safeguard the identity and privacy of your policyholders, customers, members and employees. Discover how a customized program can help build brand loyalty, customer retention, and quickly generate long-term recurring revenue.

Get Started