Security analysis and evaluation of mobile banking applications in Nigeria

Abstract

Rapid fintech adoption across the world is so ubiquitous. To facilitate more adoption in Nigeria, recently the Central Bank of Nigeria (CBN) introduced several  policies  that  support  cashless  banking.  Nowadays,  Nigerian  banks users  could  perform  most  of  their  daily  transactions  from  any  desired location  using  mobile  banking  applications.  In  the  literature,  there  are insufficient  studies  that  comprehensively  evaluate  the  security  strength  or risks of these applications. Generally,  insecure  mobile  banking applications could lead to financial fraud, violations of privacy, identity theft and eroded user confidence. Considering the situation, there is need to conduct research which comprehensively assess security of the applications. Consequently, in this  paper  we  analyzed  and  evaluated  the  security  of  identified  popular mobile  banking applications  in  Nigeria.  We  conducted  the  analysis  work using automated and manual static analysis methods. Then, we evaluated the security  of  the  applications  using  multi-criteria  decision-making  technique. Our  results  revealed  that  most  of  the  applications  have  several  security challenges  in  form  of  vulnerabilities  and  insecure  coding  practices.  Hence, our  findings  have  shown  the  applications  need  further  improvements  for better security and safety.