It’s not great news — especially with the holiday season here and mobile payments winging their way across the land.
The issue? Bluebox Security, a mobile app security and analytics company (and the first to pioneer self-defending apps for consumers), just released findings from its 2015 “Payment App Security Study.”
Overall, it’s not a pretty picture.
“Bluebox confirmed that insufficient security controls are surfacing across consumer mobile payment apps, including five of the most popular solutions for both Android and iOS devices,” the Bluebox team tells us. “These findings, coupled with the fact that for the first time online purchases made on mobile devices will overtake desktop purchases this holiday season, mean mobile payment solutions are now a prime source of risk.”
When Bluebox Security examined mobile payment apps, it expected some measure of more robust security. But every app reviewed illustrated that security was way too basic.
“Yet consumers are naively placing their trust and their dollars in these apps, as 69 percent of those polled by Bluebox were confident that the apps they use are safe from attack,” the company’s news release reads.
Several security risks were uncovered, including the fact that peer-to-peer (P2P) apps lack enterprise-grade protections and harbor vulnerabilities easily exploited by hackers.
Unfortunately, consumer info is ripe for the picking.
“None of the five apps encrypted data written to disk, meaning authentication info, transaction history, and other personal information is fully visible to attackers once they’ve gained access to a device or app,” Bluebox Security said. “Enterprises providing consumer-facing applications need to secure this information or risk damaging brand reputation.”
“Our starting hypothesis was that mobile apps handling financial information would have more rigorous security compared to other mobile apps, but our research uncovered the opposite. As enterprises rush to get apps to market, we are discovering the same security errors from industry to industry,” explains Andrew Blaich, the company’s lead security analyst. “Enterprises need to ensure their apps can defend themselves and make security a seamless step in the development process.”
Want to know more? Read the Bluebox blog on the results here.