This blog posting represents the views of the author, David Fosberry. Those opinions may change over time. They do not constitute an expert legal or financial opinion.

Insecure Banking Apps

Posted on 4th March 2016

This BBC report, about how easy it is to hack into the bank accounts of customers who do online banking from their mobile phones, highlights the reason why I don't use my mobile phone for banking (I also don't do in-App purchases on my phone, for the same reason).

Not only do many banking and purchasing Apps keep sensitive data on your phone, from where it can be hacked, but phones (actually SIMs) can be cloned, and traffic (calls and SMSes) can be diverted to another mobile device (as described in the BBC news story).

There are some (usually national) standards to try to make such things more secure, many of which ensure that your sensitive data (bank account numbers, credit card numbers, etc.) are not actually kept on your phone, and that, if a new SIM is registered for your phone account, these details must be re-established. My project is testing this functionality, amongst other things, right now.

What the article highlights, for me, is just how pathetic the security analyses by NatWest and Royal Bank of Scotland were. I am sure their customers expect better.

If you really need to do online banking and purchasing on your phone, then make sure that your financial service provider complies with good standards. If you are not sure, check with an expert. You might have to change financial institutions and/or mobile provider to get a solution that is good enough.