A new study has analysed the most popular consumer mobile payment apps, and concluded that they don’t offer enough security.
Mobile app security and analytics company Bluebox Security looked at payment methods including one-click payment merchants and peer-to-peer payment apps. The study included five of the most popular payment solutions for Android and iOS devices.
Bluebox said it had expected security to be robust for mobile apps directly handling financial transactions. However, in every app reviewed the security was “remarkably basic”.
Previous research by the company has shown that 69% of consumers are confident that the apps they use are safe from attack.
But at a time when mobile payment apps are growing in popularity, “pervasive security flaws” have created easy ways for hackers to compromise these applications, putting consumers’ money and companies’ revenue and reputation at risk, Bluebox claimed.
For example, the study revealed that none of the apps encrypted data written to disk, meaning that authentication data, transaction history and other personal information is fully visible to attackers once they have gained access to a device or app.
“Our starting hypothesis was that mobile apps handling financial information would have more rigorous security compared to other mobile apps, but our research uncovered the opposite,” said Andrew Blaich, lead security analyst at Bluebox Security. “As enterprises rush to get apps to market, we are discovering the same security errors from industry to industry. Enterprises need to ensure their apps can defend themselves and make security a seamless step in the development process.”
To guard against the risk of attack, companies should ensure that any mobile payment services they offer are protected with enterprise-grade security measures — specifically ones that focus on the app layer and the data itself, Bluebox advised.
“The use of mobile purchasing apps is indeed on the rise; OC’s recently published research “The connected consumer: a life lived online” reports that 23% of UK consumers say they use mobile purchasing apps a few times a month or more. At the same time 85% of the UK population rank security as most important when making an online payment. This demonstrates how important it is for businesses to address any security issues immediately, keeping in mind that customer convenience should not substantially suffer by security requirements.” Dr. Matthias Terlau, Partner