An article at Wired confirms why consumers may be justified in worrying about the security of mobile financial applications. The story reports on a new survey of consumer applications conducted by ViaForensics, a digital security firm. The findings: a shockingly large percentage of mobile applications store user's account information totally unencrypted.

The Wired story reports that approximately 76 percent of the apps tested by ViaForensics stored "cleartext" usernames on the devices, and 10 percent of the tested applications were found storing passwords on the phone in cleartext, including LinkedIn and NetFlix applications. Even applications that store very personal financial information like Mint.com were found to be insecure, according to the story.  

"If I get my hands on someone’s lost phone, it could take me ten minutes to find an account username and password," Ted Eull, techology services vice president at ViaForensics, told Wired.

ViaForensics conducted its testing over an eight month period and included a variety of applications like social networking and mobile banking apps. It tested apps on both iOS and Android platforms.

In several cases, according to Wired, companies are at least acting on the study's findings. The story reports that several financial institutions, including USAA and Bank of America, issued security updates to their apps when contacted by ViaForensics.

The article is important for mobile payments since most studies find security concerns to be the largest obstacle to consumer adoption of mobile payments.

A white paper on the study and its findings is also available at the ViaForensics site.

To read more about mobile payment security, visit our Security research center.