Connect with us
Finance Digest is a leading online platform for finance and business news, providing insights on banking, finance, technology, investing,trading, insurance, fintech, and more. The platform covers a diverse range of topics, including banking, insurance, investment, wealth management, fintech, and regulatory issues. The website publishes news, press releases, opinion and advertorials on various financial organizations, products and services which are commissioned from various Companies, Organizations, PR agencies, Bloggers etc. These commissioned articles are commercial in nature. This is not to be considered as financial advice and should be considered only for information purposes. It does not reflect the views or opinion of our website and is not to be considered an endorsement or a recommendation. We cannot guarantee the accuracy or applicability of any information provided with respect to your individual or personal circumstances. Please seek Professional advice from a qualified professional before making any financial decisions. We link to various third-party websites, affiliate sales networks, and to our advertising partners websites. When you view or click on certain links available on our articles, our partners may compensate us for displaying the content to you or make a purchase or fill a form. This will not incur any additional charges to you. To make things simpler for you to identity or distinguish advertised or sponsored articles or links, you may consider all articles or links hosted on our site as a commercial article placement. We will not be responsible for any loss you may suffer as a result of any omission or inaccuracy on the website.

TECHNOLOGY

Article on behalf of: Laurent Gautier, co-founder and President, Ilex International

With the number of smartphone users rising to over two billion across the world, it cannot be denied that greater mobility offers huge business growth potential for financial institutions.  With mobile apps becoming an integral part of both our personal and professional lives, the financial sector is learning to embrace mobile with almost all major banks, insurance companies and investment banks offering mobile apps to customers.

While many financial institutions have been relatively quick to adopt mobile, some are still hesitant. This is understandable with mobile apps increasingly vulnerable to security breaches.  The consequences of putting innovation ahead of security can be disastrous and cost financial organisations a lot of time and money, let alone dealing with data regulatory and compliance issues..

A recent study carried out by Wegilant revealed that over 70 percent of banking apps in the Asia-Pacific region are vulnerable to attack and data leaks on the Android operating system.  These apps are ideal targets for hackers, as they contain customers’ confidential financial data.

Some of the most common security breaches on mobile apps include:

  • Theft of data stored on the mobile (personal contacts, files, e-mails, etc.)
  • Data leakage: The improper implementation of an app code can result in sensitive information being leaked from logs and cache – for example, credit card details
  • Secret channel: A malicious app spies on a genuine app; it is then able to communicate the genuine app’s sensitive data to the malicious one’s command and control centre
  • Hardcoded sensitive information: Reverse engineering an application exposes sensitive code and sometimes even credentials to key servers
  • Clickjacking on mobile environment: well known on the web, this technique involves impersonating the user interface to gain trust and/in order to gather confidential information. It is combined with traditional social engineering in order to be more credible
  • SQL injection: A code injection technique that exploits security vulnerabilities in an application’s software, SQL is still one of the most common attack methods when it comes to extracting confidential information. It is used to attack data-driven applications and is commonly used in attacks on mobile devices
  • Public Wi-Fi: Public, in particular open, Wi-Fi access points are real danger zones and can expose sensitive data on the network if it is not secure

 Five simple steps to limit mobile data security risks:    

  1. Don’t store data on your mobile. The storage of sensitive information is a key aspect of mobile app security. If storing sensitive information is absolutely necessary, it is crucial that the data is encrypted. The type of encryption to use, for example a secure data container or third party encryption, depends on the type of sensitive information you need to store on the mobile. Never store sensitive information in the apps logs, cache (http requests), local databases (SQLLite), or in the hardcode itself.
  1. Restrict app permissions to the bare minimum. This is an effective way to limit the impact in case of an attack. Sensitive permissions, such as sending an SMS and GPS positioning must be carefully considered.
  1. Secure transactions on the network. This relates to particular exchanges between the app and its server. Data, including corporate and personal data, shared between the server and the mobile is often confidential. A strict access and rights management policy must be in place on the server side. All communications must be encrypted, as many users regularly connect to networks that are not secure, such as public Wi-Fi.
  1. Use existing, safe and strong encryption technologies. On no account use personal cryptography algorithms. During data flow encryption with a certificate (for example, HTTPS), it is essential to verify the validity of the server certificate, the end of validity date, no self-signed certificate and recognised certification authority are points to consider.
  1. Encrypt the app; this should be done before the application is distributed via stores.

Innovation must not be prioritised over security

Mobile apps are vulnerable to data leaks, yet they continue to multiply in all industries including banking and retail where security is crucial. Due to the time it takes to develop this kind of application, many financial organisations delegate their app development to third parties, many of whom have no security expertise and mass-produce mobile apps on a daily basis without implementing the necessary security protocols.

All mobile apps, however innovative, must be developed with security issues front of mind. Existing security technologies can be integrated to limit the risk of attacks. To stem the barrage of threats in the mobile world, it is crucial that all actors in the finance sector work together to keep users’ data secure.  Organisations must ensure mobile apps are correctly secured before releasing them on the market. In a highly competitive world, the banks and finance organisations who will fully benefit from the rise of mobiles will be the ones who accept that digital innovation and security are not mutually exclusive.

Continue Reading

Why pay for news and opinions when you can get them for free?

       Subscribe for free now!

By submitting this form, you are consenting to receive marketing emails from: . You can revoke your consent to receive emails at any time by using the SafeUnsubscribe® link, found at the bottom of every email. Emails are serviced by Constant Contact

Recent Posts