Application Security in Banking
May 10th, 2022 | By Jscrambler | 3 min read
Secure applications mitigate risks and minimize vulnerabilities as they are secured against digital fraud and data leakage but also enhance compliance with industry regulations, standards, and laws.
The Rise of Mobile Apps in Banking
In the case of banking, we have seen the industry continuously shift towards a digital-centric approach. Nowadays, you can perform any financial operation through a mobile or web app without any hassle while having a great user experience.
Despite all the benefits of this digital transformation, which has stimulated a highly competitive banking industry, there are some security considerations to highlight.
For instance, the emphasis on development speed often makes companies see security as an afterthought rather than a priority. And in the case of the financial industry, this is especially concerning since a large volume of sensitive data is put at risk.
Consequences of Unprotected Source Code in Banking Applications
If left unprotected, due to the nature of the data they handle, banking apps are susceptible to data leakage and fraud attempts.
Attackers can leverage web supply chain attacks, relying on the lack of visibility companies have over their third-party code, to inject malicious code into their websites and tamper with transactions and personal data.
In turn, those attacks also result in a breach of compliance with regulations and standards, such as PCI DSS and GDPR, which ends up bringing in heavy fines for organizations.
Given the high degree of exposure of sensitive data in these applications, it’s no surprise to see security standards such as PCI DSS now requiring compliant companies to keep an updated inventory of all of their website’s scripts and monitor in real-time for the addition of any malicious code, such as payment card skimming code.
To help achieve this compliance faster, especially with the PCI DSS v4.0, Jscrambler launched a free tool tailored for the new PCI anti-skimming requirements.
The State of Application Security in Banking Applications
The vast majority of banking institutions have gone through a stage of digital transformation.
Have these institutions given enough attention to the client-side security of their web and mobile applications?
Jscrambler's research team has looked deeper into some regions around the globe to see what the state of application security in banking looks like. The results show some interesting patterns.
63% of banking apps in the LatAm region don't use obfuscation techniques
In the LatAm region, we had previously found that around 63% of banking applications don’t use obfuscation techniques in their code. The same is true for Brazilian banking apps, 65% of which leave their code unprotected.
This means that the majority of banking apps in these regions are vulnerable to various client-side attacks, as outlined in standards like ISO 27001, OWASP, and NIST.
“Program source code can be vulnerable to attack if not adequately protected and can provide an attacker with a good means to compromise systems in an often covert manner.”.
ISO 27001 Standard
Now, the Jscrambler research team has delved into the UK banking industry, seeking to understand if banking apps in this region are equally lagging in security. You can get first-hand access to these insights by reading the free report regarding the state of application security in UK banking.
Protecting Banking Applications and Keeping User Data Secure
To protect banking apps from attacks, organizations must adopt application shielding and third-party management techniques.
This includes protecting the client-side source code through a multi-layered approach (obfuscation, environment checks, and runtime protection) while gaining visibility of all third-party code running on the banking website.
Both of these dimensions are essential to ensuring secure data management practices and the mitigation of client-side threats in real-time before they even become a problem.
To learn more on the subject of application security in banking apps, please refer to the following resource:
Must read next
Online Banking Growth: New Security Challenges
The Covid-19 pandemic has prompted a growth spurt in online banking. As banks release new web and mobile platforms, they must secure their client-side.
July 8, 2020 | By Rui Ribeiro | 3 min read
Online Banking and Financial Services: Is Enough Being Done to Protect the End-User?
Working in online banking and financial services? Check what you should address to protect your users according to Information Age.
August 16, 2017 | By Jscrambler | 5 min read