ICFE eNEWS #15-21 - June 25th 2015
"Is Your Company's Mobile App Putting Your Customers At Risk For Fraud?
New Forms Of Malware Make Bank And Retail Apps Vulnerable, Says Cyber Security Expert"
By Ginny Grimsley
National Print Campaign Manager
News and Experts
3748 Turman Loop #101
Mobile apps are becoming big business for businesses.
Many bank customers now check their account balances or transfer
funds through an app on their cell phones. Savvy retail shoppers
can use a favorite store's apps to learn about discounts, access
coupons and find daily deals.
"The apps for financial institutions and retailers are getting
greater use and that can be wonderful for business," says Gary
Miliefsky, CEO of SnoopWall,
a company that specializes in cyber security.
But as with so many things in the cyber world, caveats are
connected. Even as companies provide additional services through
those apps, they may be putting their customers at risk for
"Most companies don't realize just how vulnerable their apps are
and what the potential is for leaking their customers' personal
information," Miliefsky says. "And when that happens, it's bad
He suggests a few reasons why most companies need better
protection for their mobile apps:
"Businesses have become great at creating useful apps that their
customers eventually feel they can't live without," Miliefsky
says. "But the failure to secure that app is going to come back
to haunt the business over the long haul."
- New forms of mobile malware are being widely deployed in
the major app stores and can eavesdrop on a customer through
a company's app. "These new forms of malware are undetected
by anti-virus engines and are able to circumvent encryption,
authentication and tokenization," Miliefsky says. "That
makes it easy for cyber criminals to exploit the personal
information of a company's customers and commit fraud."
- The PCI Data Security Standard requires merchants to
protect credit-card holder data. Likewise, mobile-commerce
providers must protect any payment card information, whether
it is printed, processed, transmitted or stored, Miliefsky
says. "Even though a customer has the breach on their mobile
device, the retailer is responsible because it was their app
that allowed the eavesdropping," he says. A breach of
credit-card information potentially could result in fines
for the retailer, Miliefsky says.
- The FDIC requires banks that are providing an ATM-like
online or mobile-banking experience to protect access to the
confidential records of the consumer, the consumer's bank
account information, user name and password credentials, and
bill payment and check-deposit services. Just like with
retailers, it doesn't matter that the breach happened on the
customer's mobile device, Miliefsky says. The bank's app
caused the problem because it allowed the eavesdropping, so
"the risk and the responsibility is the bank's not the
consumer's," he says. And, as in the case with retailers,
banks could face fines for a breach.
About Gary S. Miliefsky
Gary S. Miliefsky is CEO of SnoopWall and
the inventor of SnoopWall spyware-blocking technology. His
company produces AppCrusher, which gives companies a detailed
analysis of any vulnerabilities or risks in their mobile apps.
Miliefsky is a founding member of the U.S. Department of
Homeland Security and serves on the advisory board of MITRE on
the CVE Program, and is a founding board member of the National
Information Security Group. He's also the original inventor of
the NetBeat NAC product line which was recently acquired by
SnoopWall to protect networks from the inside and against bring
your own device (BYOD) mobile threats.
eNEWS is available FREE upon request by visiting our Web site,
filling out the contact form, and selecting "Yes" for "Add to
Mailing List." Please pass this eNEWS on to your peers and
interested others and invite them to subscribe for free.
Also, visit the ICFE's new Web site: StudentDebtHelp.org
Paul S. Richard
President - Executive Director
Institute of Consumer
Financial Education (ICFE)
About the ICFE:
The Institute of Consumer Financial Education (ICFE) was founded in 1982 by the late Loren Dunton (creator of the Certified Financial Planner (CFP) designation). The ICFE is dedicated to helping consumers of all ages to improve their spending, increase savings and use credit more wisely.
The ICFE is an award-winning, nonprofit, consumer education organization that has helped millions of people through its education programs and resources. It publishes the Do-It-Yourself Credit File correction Guide, which is updated annually. The ICFE has distributed over one million Credit/Debit Card Warning Labels and Credit/Debit Card Sleeves worldwide.
The ICFE became an official partner with the Department of Defense/Financial Readiness Campaign in June of 2004. The ICFE was an active partner in the California Student Debt Resource Awareness Project (CASDRAP), which resulted in a new web site: (studentdebthelp.org). CASDRAP disbanded in 2010, shortly after the web site project was completed. In 2011 the ICFE assumed the single sponsorship of the (studentdebthelp.org) web site and is now responsible for its content and operation.
The ICFE is also an on-line help for consumers who spend too much. ICFE's spending help was featured in PARADE Magazine in the Intelligence Report section. The money helps and tips are from the ICFE's Money Instruction Book, our course in personal finance.
Visit the ICFE's other web sites at: www.financial-education-icfe.org and studentdebthelp.org. Both sites help consumers and students with mending spending, learning about the proper use of credit, budget and expense guidelines, how to set up and implement a spending plan, how to access financial education courses and how to teach children about money. Other ICFE services include: Ask Mr. G, a free eNews, and an online resource center for students, parents and educators, plus financial education learning tools and a book store.