Positive Technologies company published a report with the results of a study of the security of web applications for remote banking services (online banks).
In general, as the analysis showed, the security of the corresponding systems leaves much to be desired. Experts have found that most online banks contain critically dangerous vulnerabilities, the exploitation of which can result in extremely negative consequences.
In particular, in every second - 54% - banking application, fraudulent transactions and theft of funds are possible.
All online banks are exposed to the threat of unauthorized access to personal data and banking secrecy. And in 77% of the systems surveyed, deficiencies in the implementation of two-factor authentication mechanisms were identified.
Fraudulent transactions and theft of funds are most often possible due to errors in the logic of online banking. For example, repeated repetition of so-called attacks on rounding the amount of funds during currency conversion can lead to significant financial losses for the bank.
Positive Technologies notes that ready-made solutions offered by third-party software providers contain three times fewer vulnerabilities than systems developed by banks independently.
However, there are also positive aspects. Thus, in 2018, a decrease was recorded in the share of high-risk vulnerabilities in the total number of all identified deficiencies in online banking applications.
Source: 3dnews.ru