Menu
Banking Exchange Home
Menu

More To Worry About: Beware the apps

With the onslaught of electronic channels—from online and mobile banking to social media marketing—and the proliferation of gadgets—smart phones, tablets, and ever-slimmer laptops—the opportunity for cyber threats is increasing exponentially. 
 
 

More To Worry About: Beware the apps

Some analysts see an emerging vulnerability in the applications (apps) downloaded in this mobile, digital world. Although there doesn’t seem to be any statistical analysis of this threat—yet—the potential is reasonable.

In particular, two areas may be prone to do damage: malware installed on apps and fake apps that could entice users to provide confidential information.

Regarding the former, “When you go to your app store and download a free app, no one really knows what’s inside it, outside the person who wrote it,” says Michael Urban, Fiserv’s director of financial crimes risk management. Even the purported app writer may not fully understand what’s included, he explained to Tech Topics. Why? The writer may hire others to write discrete pieces of code.

“It’s very difficult to understand if there is something inside this app that’s going to do something, at some point of time, that you don’t want to happen,” Urban continues. “It could install malware, it could get some information, and it could send it off somewhere. There isn’t really that level of analysis and vetting done on the apps that are provided for sale, let alone the apps that you can find on the internet.”

Even fake bank apps made a brief appearance, Urban says. “There were a couple of Android market apps that used legitimate bank logos. The idea was to get you to install the app, and then ask you to provide your credentials. Then it stripped the credentials and didn’t really work,” he says. Urban points out that these apps were removed from the app store, “but it just shows that many times, with the amount of vetting that’s going on out there, those apps aren’t always checked.”

Any advice? “Make sure that you’ve got a process in place that’s monitoring app stores and the internet generally,” Urban says. Banks already may do this from a branding perspective to protect themselves against phishing sites or tweets about bad experiences, for example. But such web-presence monitoring “needs to be extended into app stores as well,” he explains, “so that if there is something that comes in there that’s using your brand, you want to be able to know as quickly as possible and understand what steps to take, whom you would contact, in order to manage that type of situation.”

At the same time, Urban says, as a bank builds its own legitimate mobile app, appropriate precautions need to be taken. “It’s just as important to protect and have secure coding practices in mobile as it is anywhere else in the institution.”
John Ginovsky

John Ginovsky is a contributing editor of Banking Exchange and editor of the publication’s Tech Exchange e-newsletter. For more than two decades he’s written about the commercial banking industry, specializing in its technological side and how it relates to the actual business of banking. In addition to his weekly blogs—"Making Sense of It All"—he contributes fresh, original stories to each Tech Exchange issue based on personal interviews or exclusive contributed pieces. He previously was senior editor for Community Banker magazine (which merged into ABA Banking Journal) and for ABA Banking Journal and was managing editor and staff reporter for ABA’s Bankers News. Email him at jginovsky@sbpub.com.

back to top

Sections

About Us

Connect With Us

Resources