More than two-thirds of smartphone owners have not yet adopted mobile banking apps because of security concerns, a survey has revealed.
By contrast, only 14% of those surveyed by security firm Metaforic said that security concerns were preventing them from using PC-based online banking.
Some 19% of respondents indicated that they had personally suffered a mobile security breach or knew someone who had.
Concerns about mobile banking are further supported by a second-quarter report by security firm McAfee that said following a first-quarter mobile malware explosion, Google Android OS malware shows no signs of slowing down.
Another study by security firm Arxan Technologies of 230 top apps from third-party sites outside of the Apple App Store and Google Pay marketplaces found that 92% of iOS apps had been hacked compared with 100% on the Google Android platform.
Read more about mobile banking
These statistics indicate that the mobile environment is potentially more dangerous than the traditional PC environment.
Security researchers have warned that even with password protection, an app can still be compromised through various techniques such as repackaging, drive-by downloads, man-in-the-middle attacks and keyloggers.
“As the convenience of smartphones fuels the surging popularity of mobile banking apps, it’s clear that the average user may not understand the risks involved, and is not taking the security steps needed to protect their mobile devices,” said Dan Stickel, CEO of Metaforic.
“Unless mobile apps are immunised against unwanted modifications, both users and banks face potentially staggering financial risks. It’s just a matter of time until a major breach occurs,” he said.
Security Think Tank: Mobile security
- Read advice from security professionals on the challenges and opportunities of smartphone security policy
Gartner has reported the first publicly announced banking app losses, said Stickel, and it seems likely that compromises will rise along with the popularity and capabilities of these mobile apps.
“In June, McAfee reported more than $78m stolen via automated back-end servers targeting people’s online accounts, and this is just the tip of the iceberg,” he said.