NEW YORK (8/11/11)--About 25% of mobile banking programs received a “fail” rating for security in a study conducted by viaForensics. The failures mostly occurred because testers could capture a user password or other sensitive user data from a user’s mobile device (American BankerAug. 8). In some cases, the apps stored a security personal identification number or a user name and password. Testers also were able to recover payment history, partial credit card numbers and other transaction-related data. About 31% of mobile banking apps received a “warn” grade because a user name or other app data were present, but the information was not considered a significant risk to the user. The other 44% of mobile banking apps passed the test. Unencrypted passwords are the major source of risk for financial institutions, according to Andrew Hoog, chief investigative officer at viaForensics. Hoog noted users tend to store their passwords on their devices and carry the devices with them. The devices usually are online--susceptible to hackers--and outside of the financial institution’s control, Hoog said. The report also said that of social networking or retail mobile apps tested, none passed.