News

12:16 PM
Connect Directly
RSS
E-Mail
50%
50%

Report Points to Security Holes in Customer-Facing Bank Apps

The CRASH Report, a study of the structural quality of applications, reveals that banks have some work to do when it comes to making their customer-facing applications structurally sound and secure -- especially as they innovate in the mobile channel.

New York-based software analysis company Cast Software recently released its second annual CRASH (Cast Report on Application Software Health) report, a study of the structural quality -- the engineering soundness of the architecture and coding -- of business application software. The study examined 745 enterprise software applications in 160 organizations across industries. For the banking industry, the most significant finding is that while most legacy core banking applications tend to be secure, the newer, customer-facing financial apps tend to have more structural flaws that could cause operational problems such as outages, performance degradation, breaches by unauthorized users and data corruption.

Bill Curtis, senior vice president at Cast Software and co-author of the CRASH report, says that there are a number of reasons for the disparity of structural soundness between older, back-end applications and newer, customer-facing apps. "These large legacy applications usually sit on mainframes and are not exposed to web. It's the exposure to the internet that opens the doors for hackers to come in," he explains, adding, "For 30 or 40 years the IT people at banks have been trying to eliminate all of the security holes in these legacy applications. They've really been working hard over a long period of time and have gotten common weaknesses out of the apps."

The programming language used to write the application also makes a difference in its structural soundness, according to Curtis. He says that many financial core applications have been written in the mature COBOL programming language, while customer-facing apps are being written in newer languages that tend to be less secure. On top of that, he notes, they're often built in several computer languages. "While developers often know a few languages very well, they don't know all of them," he says. "That makes it difficult to look at the entire app to make sure it's structurally sound."

The integration that modern, customer-facing apps require to operate introduces yet another challenge to achieving structural soundness, notes Curtis. "In the old days, we used to just build an application," he says. "Now that application interacts with a lot of other applications, which continues to create new ways to make mistakes. We're constantly learning about new problems."

Previous
1 of 2
Next
Comment  | 
Print  | 
More Insights
Register for Bank Systems & Technology Newsletters
White Papers
Current Issue
Bank Systems & Technology Oct. 14, 2014
Bank Systems & Technology's new Must Reads is a compendium of our best recent coverage of customer analytics. Learn what big data means for banks, meet Wells Fargo CDO Charles Thomas, find out how to connect with your Gen Y customers, and more.
Slideshows
Video
Bank Systems & Technology Radio
Archived Audio Interviews
Join Bank Systems & Technology Associate Editor Bryan Yurcan, and guests Karen Massey and Jerry Silva from IDC Financial Insights, for a conversation about the firm's 11th annual FinTech rankings.