Abstract
M.Com. (Computer Auditing)
Mobile applications have become the preferred means by which the banking sector and its end users conduct transactions, owing to the benefits of ease of use and cost. The proliferation of mobile applications increases the likelihood that some may include IT security vulnerabilities. The objective of this paper is to examine the impact that mobile applications' IT security risks have on the IT security controls in the South African (SA) banking sector, and the frameworks used by the organisations to assess the IT security controls related to mobile applications. An electronically administered questionnaire was sent to IT security analysts who are responsible for assessing IT security risks at the big four banking organisations in SA.
The findings of this paper reveal that a number of IT security risks in mobile banking applications are related to inadequate software coding. Software programmers are more concerned with mobile application functionality than with IT security, and this is the root cause of the noted finding. Banking organisations should ensure that mobile applications are secure before deployment to proactively prevent prospective attacks on their organisation's IT control environment. This can be realised by conducting IT security audits, vulnerability assessments, and penetration testing throughout the software development lifecycle.