
> The reality is, the mobile app development is outsourced to incompetent teams for presumably the lowest price who "ensure security" by just saying, "let's chuck a library in that prevents running if the device is detected as being rooted, and call it a day".

I don't understand why people think so. Banks hire good developers. They don't pay them well (by banks' own standards), but they still pay enough to hire competent programmers.

Unfortunately, working in a bank is a highly competitive environment that fosters sycophants and rewards socially adept people who are good at obeying orders to the letter. Who cares what the programmers think; they are at the bottom of the command chain anyway.

The fraud prevention is often split into its own department. As for the "computer security" department, it is a fangless security circus that exists to satisfy PCI DSS. In some banks it outright pretends that web sites and mobile apps don't exist. All your data will be processed in a "secure server enclave", managed by "certified professionals", while sending hashes of credit card numbers to Google Analytics.


