How Secure are Mobile Banking Apps for Business?
A remarkable part of our lives has transitioned over to making things faster, more efficient, and more accessible. Just only 13 years ago, the very first iPhone was released by Apple in 2007. Now, both iOS and Android smartphones are a standard in society, especially within the business realm.
Even though being able to handle business banking as you’re standing in line at your favorite coffee shop is the epitome of “convenience” and “accessibility”, there are some real cybersecurity concerns. This same accessibility and drive for convenience which makes it so easy to conduct business, also makes it easier to be exploited from a cybersecurity standpoint.
Today, let’s focus on how secure mobile banking apps are for businesses.
When looking at the statistics, half of mobile banks are prone to fraud and exploitation of financial information due to inadequate protection on apps. Positive Technologies’ latest 2020 report on “Vulnerabilities and Threats in Mobile Banking”, found that none of the 14 mobile banking applications that were tested had hit the bar of “acceptable security”. 43% of the clients who installed the banking apps also stored sensitive data in clear text on their phone as well. As a result, this data was at risk of being accessed by an unauthorized party. On top of that, 76% of the vulnerabilities could be exploited remotely, without physical access to the device. Over one-third could be exploited without requiring administration rights on the smartphone.
When it came time to analyze the mobile bank’s side of things, there was an average of 23 vulnerabilities on the server-side. Because of these different vulnerabilities, it makes it easy for hackers to steal banking login and user credentials from 5 out of 7 mobile banks based on the report’s statistical sample size..
Also, the types of security flaws differed depending on the OS of the device, according to the report. iOS users had only minor security flaws, while 29% Android users had vulnerabilities classified as “high-risk”.
Olga Zinenko, analyst at Positive Technologies, commented: “Banks are not protected from reverse engineering of their mobile apps… Through these vulnerabilities, hackers can obtain usernames, account balances, transfer confirmations, card limits and the phone number associated with a victim’s card. We urge that banks do a better job of emphasizing application security throughout both design and development…”
So how does all of this information apply to small business owners?
The data found in this report by Positive Technologies opens up a big can of worms regarding the security of smartphone applications geared towards business and convenience. It is definitely a “tread at your own risk” type of call.
It’s worth noting that just last week, the FBI warned that cyber-criminals are seeking to take advantage of the growing use of mobile banking apps during COVID-19. As a result, now maybe the time to crack down on any vulnerabilities and shy away from mobile banking with unsecured devices.
Here are just a few practical things you can do to help prevent cybersecurity breaches:
1) Consider switching to iOS devices, you aren’t using them already.
While both iOS and Android have their pros and cons, Apple’s App Store has higher cybersecurity requirements for their apps and appear to have a better grip on patching vulnerabilities in the phone’s base code.
2) Contact your bank about any additional authentication or security measures that can be placed on your account.
Simple things like having a multi-factor authentication option when accessing your bank account or setting up strict limits for fund transfers could save you from a nightmare.
3) Do not store banking or login credentials in your “Notes” app or note section under “Contacts” on your phone.
If your phone is compromised, that’s the first spot hackers and malware scan for any sensitive data. Use a password manager to hold any sensitive data and passwords.
If you’re concerned about cybersecurity vulnerabilities in your business, give us a call at (860) 785-6233 or contact us to schedule a Cyber Security Risk Assessment. Encompass IT Solutions provides top-notch cybersecurity analysis and threat-reduction solutions for small businesses throughout Connecticut and Massachusetts.