Security firm warns on m-banking

Mobile banking on Android phones could put consumers at risk of fraud and cost banks millions a year. That was the warning from IT security firm MWR InfoSecurity on the final day of the Mobile World Congress, held this week in Barcelona.

MWR Labs, the research arm of MWR InfoSecurity, investigated the security standards of leading Android mobile phone brands to determine the overall exposure to risk of consumers who use mobile phones for online banking. Results indicated that on some handsets as many as 64 per cent of manufacturer-added applications were exposing users to serious security issues.

Harry Grobbelaar, MWR’s managing director in South Africa, said: “We found that while banking apps were generally well written and had very few security issues, the integrity of consumer phones was often compromised by software provided by the phone manufacturer or additional software added by the network provider, exposing online banking customers to potential fraud. Some of the leading Android handset manufacturers are already looking at shipping mobile devices with native NFC payment functionalities but if the software in the phones is not secure, the risk will then be even higher.”

The increasing number of merchants moving to smartphone-based PoS devices, for example using Bluetooth or directly connected chip-and-pin accessories for iPhone or Android, indicates that mobile phones will become a critical element in the payment chain and, if not adequately protected, they could introduce additional risks for card fraud that could cost banks millions a year. Grobbelaar commented: "The move by consumers away from PCs for online banking to mobile platforms will inevitably be followed by the criminal gangs who have been successfully targeting online banking for years. We have already seen many examples of malicious apps sending premium rate text messages and expect there will be a natural progression to higher value areas such as payments and banking."

MWR Labs looked at six classes of potential vulnerabilities in apps and packages across the leading brands and mobile phones, using a modified version of Mercury, its security testing framework, to automatically scan the devices and identify security weaknesses.
