Two Thirds Of Banking Apps Have Critical Vulnerabilities

By ISBuzz Team
Writer, Information Security Buzz | Apr 25, 2018 06:30 pm PST

Today, cybersecurity firm Positive Technologies released its yearly report on vulnerabilities in financial applications. According to the report, the number of vulnerabilities the Positive Technologies teams discovered has fallen, which means banking apps and websites are getting safer. However, two thirds of online banking systems still contain at least one critical vulnerability. Don Duncan, Director at NuData Security, a Mastercard Company, commented below.

Don Duncan, Director at NuData Security, a Mastercard Company:

“Thanks to the omnichannel experience, users can jump to and from web and mobile applications. But fraudsters can do the same, looking for the path of least resistance to commit fraud, which is why now mobile fraud is growing. More than 50% of the account takeover attacks across NuData clients come in via native apps and enterprise APIs. This is the biggest risk point today, much more than desktop.

While fewer critical vulnerabilities is good news, this doesn’t mean customer accounts are protected. All the exposed data – due to the endless breaches – makes it easier to find working username and password combinations. Today, a fraudster doesn’t need to break a system to access sensitive data. The objective of most attacks is to reach sensitive data they can profit from. Bad actors can easily get their hands on the customer data that breaches make available.

One way for financial institutions to protect their customers’ accounts – and, in turn, their business – is to implement security tools that don’t rely on the data provided by the customer.

Multi-layered solutions that include passive biometrics are providing enhanced account protection that doesn’t rely on static data. Passive biometrics monitors the user’s inherent behaviour, such as how they type or hold the device – making this information impossible to steal or replicate by bad actors. This way, even if the static data has been stolen, decrypted, and is ready to be used, bad actors can’t take over the account.”
