ImmuniWeb researchers have found vulnerabilities in the web applications, APIs and/or mobile apps of 97 of the 100 largest financial organizations in the world, which are located across 22 countries. The report shows that 85 online banking apps were not compliant with GDPR, while 49 were not compliant with PCI DSS (the security standard for the payment card industry). The three banking websites that did receive the highest security rating were Credit Suisse, Danske Bank and Handelsbanken.
ImmuniWeb CEO Ilia Kolochenko argues that “given the non-intrusive nature of the research and formidable resources available to the top banks studied in the research, the findings urge financial institutions to revise their existing approaches to application security,” especially because “most of the data breaches involve or start with insecure web and mobile apps that are too frequently under prioritized by future victims.”
Read more: Big Banks Vulnerable to Web, Mobile Attacks