However, the percentage of critical vulnerabilities is falling each year, according to the company's press release. For example, high-risk vulnerabilities were found on 90% of systems in 2015; by 2016, this number had dropped to 71%; and in 2017, it dropped further to 56%. Despite this encouraging trend, security shortcomings remain a menace for banks and clients.
Each e-banking system analysed in 2017 contained, on average, seven vulnerabilities, up from six in 2016. However, high- and medium-risk vulnerabilities made up a smaller portion of the total. Even so, only a third of online banks were free of critical vulnerabilities in 2017, whereas in 2016 all financial web applications (except one) had at least one.
The situation with mobile banking apps is similar. Almost half (48%) of mobile banking apps still contained at least one critical vulnerability. In 52% of cases, attackers could exploit vulnerabilities to decrypt, intercept, or brute force accounts to access the mobile app or bypass authentication entirely. These actions would effectively give the attacker total control over the account of a legitimate user.
On average, iOS apps are better protected than Android apps, even when created by the same bank. High-risk vulnerabilities on iOS accounted for only 25% of total vulnerabilities, compared to 56% on Android. In some cases, the iOS mobile app was free of vulnerabilities that were present in the corresponding Android app.
The Paypers is the Netherlands-based leading independent source of news and intelligence for professionals in the global payment community.