FSC On Alert Over Vulnerabilities in Internet Banking Apps

2016/04/07

The coming of the mobile finance has led to a surge of mobile banking apps that provide the general public with access to financial services anywhere, anytime. The Financial Supervisory Commission (FSC) has, however, found security weaknesses in many mobile banking apps. The Bankers Association has now been asked to strengthen their protection and apps must undergo more rigorous IT security testing before listing to prevent the theft of customer details. 

The popularity of smart phones has led to banks releasing mobile banking apps that make it easy for the general public to transfer funds, make payments and query financial information. Some can even make hospital reservations and pay for medical expenses. The "Bank 3.0" trend, with its increasingly comprehensive functions, is a key element of the current transformation in banking.

The innovative improvements in convenience are, however, also increasing information security risks. During a recent internal training session at the FSC, the instructor, an IT security expert, reportedly claimed that banking apps are highly exposed. A successful hacker attack can lead to mass theft of credit card, bank account, and other personal details.


The FSC took this claim seriously and selected several banking apps at random for testing including both public and private-owned banks. The tests discovered potential vulnerabilities to hacker attacks. The Bankers Association was therefore directed to revise the current security management standards to require all banks to undergo new information security tests in order to strengthen their protection against hacker attacks.

An FSC official said that as banking apps contain personal details such as accounts and credit cards, and important transaction data such as transfers and buy orders, a higher level of information security is warranted. In other words, banking apps must undergo more rigorous information security testing in the future before they can be listed.

The biggest concern for officials is hackers breaking into the mobile apps on personal mobile phones. They can not only steal all the money in the account but may also escape detection by the bank. These are risks that cannot be easily dismissed.


Hackers are everywhere and there have been numerous leaks due to IT security vulnerabilities in recent years. In 2014 for example hackers broke into Apple's iCloud and leaked nude photos of famous actresses. In a more recent case, the Federal Reserve Bank in New York was hacked leading to the theft of US$100 million in savings from the Bangladeshi government. These cases highlight the importance of information security.

Apart from frontline protection against hackers, the FSC also directed banks to clearly state to their customers how personal details collected through mobile banking apps will be used and processed. This will give customers more peace of mind when providing their personal details.