
Report Points to Security Holes in Customer-Facing Bank Apps

The CRASH Report, a study of the structural quality of applications, reveals that banks have some work to do when it comes to making their customer-facing applications structurally sound and secure -- especially as they innovate in the mobile channel.

Key to avoiding and combatting these application problems is continuing education, asserts Curtis. "Software engineering is a relatively new discipline," he says. "Computer science departments don't teach the engineering of how to apply computer science to the applications that run the banks. Once they get out into the real world there's an awful lot to learn."

At the very least, warns Curtis, all developers should be aware of the common known weaknesses that hackers tend to exploit and avoid them when building applications -- which is something he says isn't happening enough now. Banks can point their developers to the Common Weakness Enumeration website, a free resource that identifies these known weaknesses, and do upfront inspections of code against a checklist of them, he notes. Beyond testing and analysis of code design, Curtis says that bank IT departments also must do a static analysis that looks at the entire structure of an application as well as a dynamic analysis that runs the code to look for performance issues.

As banks increasingly innovate in the mobile channel, taking the proper steps to ensure the structural soundness of applications becomes more important than ever, says Curtis. "Security will raise its head in new ways that are more taxing on the bank because of all the different ways hackers can reach them," he says. He acknowledges that mobile applications could be just as secure as other apps, saying, "I don't think we're there today, but we can get there."
