“Gartner Listed - mobile application security guide”

March 16, 2017

Indian banks failing to obstruct hacking

As digital payment apps take over after India’s demonetisation, stopping hacking and transaction fraud has taken centre stage for banks and financial institutions, showing the need for preventative security measures such as mobile app security testing.

According to experts, mobile apps are a high risk for security breaches. When banks fail to guard against these risks, in spite of ongoing transaction fraud, there’s the potential for high financial losses.

Since demonetisation, multiple apps have been developed through the collaboration of the National Payments Corporation of India (NPCI) with some banks and e-wallet companies. Kartik Shine, Partner, Advisory Services at EY, said that mobile app security testing is taking place: “Banks are conducting a lot of audits with new applications including the UPI, BHIM and their own apps. There are still some gaps and banks still have a long way to go. Many smaller banks outsource a lot of security operations to third-party entities. We are also helping many banks in doing the audits and getting the compliance in place.”

According to data released by RBI in February, transactions through the government’s Unified Payments Interface (UPI) exceeded the value of those through digital wallets. Mobile wallets recorded 53.9 million transactions worth Rs. 1,270 crore from February 1 to February 19, while UPI recorded 2.9 million transactions worth Rs. 1,310 crores in the same time period.

In January, ICICI Bank temporarily suspended transactions from Flipkart’s app PhonePe until it resolved its restrictive practices. In the meantime, the State Bank of India blocked all of its customers from transferring money into their e-wallets. The Chairman of SBI said that a number of recent security breaches were the reason for blocking the service, as advised by the bank committee that foresees security breaches and high risks.

According to an official at Bank of Baroda, banks face new threats every day because of the frequent development of new apps. Banks realize that security is now an ongoing process, and they have collaborated with many firms, including EY, PwC and Paladion, for effective security compliance and mobile app security testing.

The Indian IT Act does not make it obligatory to notify the regulator in case of a breach. But the Reserve Bank of India requires banks to notify it, the Institute of Development and Research in Banking Technology, or the Computer Emergency Response Team in all cases of a security breach.

In October last year, RBI Deputy Governor SS Mundra said in a public address, “It is important to pay sufficient attention while procuring/implementing any new devices/solutions… The banks which are big on mobile banking as a service delivery tool must also look to guard against this emerging risk. There is a need to evolve a blueprint of co-ordination between financial institutions and public authorities in such an eventuality.”

Codified Security is here to help make your mobile app secure whether it’s for iOS, Android, or to make sure you’re clearing the OWASP Mobile Top 10. For mobile app security testing try out Codified Security.