ICFE eNEWS #15-21 - June 25th 2015
Is Your Company's Mobile App Putting
Your Customers At Risk For Fraud?
By Ginny Grimsley
New Forms Of Malware Make Bank And Retail Apps Vulnerable,
Says Cyber Security Expert
National Print Campaign Manager
News and Experts
3748 Turman Loop #101
Wesley Chapel, FL 33544
Tel: 727-443-7115, Extension 207
Mobile apps are becoming big business for businesses.
Many bank customers now check their account balances or transfer funds
through an app on their cell phones. Savvy retail shoppers can use a
favorite store's apps to learn about discounts, access coupons and find
"The apps for financial institutions and retailers are getting greater
use and that can be wonderful for business," says Gary Miliefsky, CEO of
SnoopWall, a company that specializes in cyber
But as with so many things in the cyber world, caveats are connected.
Even as companies provide additional services through those apps, they
may be putting their customers at risk for fraud.
"Most companies don't realize just how vulnerable their apps are and
what the potential is for leaking their customers' personal
information," Miliefsky says. "And when that happens, it's bad for
He suggests a few reasons why most companies need better protection for
their mobile apps:
"Businesses have become great at creating useful apps that their
customers eventually feel they can't live without," Miliefsky says. "But
the failure to secure that app is going to come back to haunt the
business over the long haul."
- New forms of mobile malware are being widely deployed in the major
app stores and can eavesdrop on a customer through a company's app.
"These new forms of malware are undetected by anti-virus engines and are
able to circumvent encryption, authentication and tokenization,"
Miliefsky says. "That makes it easy for cyber criminals to exploit the
personal information of a company's customers and commit fraud."
- The PCI Data Security Standard requires merchants to protect
credit-card holder data. Likewise, mobile-commerce providers must
protect any payment card information, whether it is printed, processed,
transmitted or stored, Miliefsky says. "Even though a customer has the
breach on their mobile device, the retailer is responsible because it
was their app that allowed the eavesdropping," he says. A breach of
credit-card information potentially could result in fines for the
retailer, Miliefsky says.
- The FDIC requires banks that are providing an ATM-like online or
mobile-banking experience to protect access to the confidential records
of the consumer, the consumer's bank account information, user name and
password credentials, and bill payment and check-deposit services. Just
like with retailers, it doesn't matter that the breach happened on the
customer's mobile device, Miliefsky says. The bank's app caused the
problem because it allowed the eavesdropping, so "the risk and the
responsibility is the bank's, not the consumer's," he says. And, as in the
case with retailers, banks could face fines for a breach.
About Gary S. Miliefsky
Gary S. Miliefsky is CEO of SnoopWall and the
inventor of SnoopWall spyware-blocking technology. His company produces
AppCrusher, which gives companies a detailed analysis of any
vulnerabilities or risks in their mobile apps. Miliefsky is a founding
member of the U.S. Department of Homeland Security, serves on the
advisory board of MITRE on the CVE Program, and is a founding board
member of the National Information Security Group. He's also the
original inventor of the NetBeat NAC product line, which was recently
acquired by SnoopWall to protect networks from the inside and against
bring your own device (BYOD) mobile threats.
ICFE eNEWS is available FREE upon request by visiting the ICFE's
and filling out the contact form, selecting "Yes" for "Add to Mailing List."
Please pass this eNEWS on to your peers and interested others and
invite them to subscribe for free. Also, visit the ICFE's new Web site:
Paul S. Richard
President - Executive Director
Institute of Consumer Financial Education (ICFE)