The banking industry is no stranger to security concerns. It is indeed one of the largest purchasers of security products and services globally. The enterprise rush to bring mobile applications to the marketplace has not passed financial firms by, however, and they are simply not applying basic principles of secure application development, such as building security in from the very beginning and testing the security before deploying the applications. I am absolutely floored by the number of financial applications available on the iPhone (for example) that do not require something as simple as a PIN to enter the application after storing the password (let alone encrypting the password).
It is carelessness at best, and completely irresponsible at worst. Banks, large enterprises, and health care organizations should make maximizing security a priority with any and every application that deals with ANY potentially sensitive information... and they consistently fail to do so often enough to convince me that there will be a lot more breaches before things get better.
What I also find remarkable is that a company like Apple scrutinizes application submissions and regularly rejects applications that use foul language, show nudity, or (God forbid) replicate Apple functionality, yet does not bother to reject applications submitted by banking and health care organizations (the latter being something I am personally well aware of) that fail to encrypt information. Is this their responsibility?
Yes it is!
Security is everyone's responsibility, and until we understand that, we will continue down the same path with every new technology, platform, and latest and greatest thing that comes down the pike.
You can bank on that.