From Fraud to Fixes: Designing Usable Security for Financial Applications | An OWASP AppSec Global 2025 Conversation with Wojciech Dworakowski | On Location Coverage with Sean Martin and Marco Ciappelli episode artwork

EPISODE · Jun 2, 2025 · 11 MIN

From Fraud to Fixes: Designing Usable Security for Financial Applications | An OWASP AppSec Global 2025 Conversation with Wojciech Dworakowski | On Location Coverage with Sean Martin and Marco Ciappelli

from The ITSPmagazine Podcast · host Sean Martin, Marco Ciappelli, ITSPmagazine Event Coverage, Wojciech Dworakowski

In this On Location episode during OWASP AppSec Global 2025 in Barcelona, Sean Martin connects with event speaker, Wojciech Dworakowski, to unpack a critical and underexamined issue in today’s financial systems: the vulnerability of mobile-only banking apps when it comes to transaction authorization.Wojciech points out that modern banking has embraced the mobile-first model—sometimes at the cost of fundamental security principles. Most banks now concentrate transaction initiation, security configuration, and transaction authorization into a single device: the user’s smartphone. While this offers unmatched convenience, it also creates a single point of failure. If an attacker successfully pairs their phone with a victim’s account, they can bypass multiple layers of security, often without needing traditional credentials.The discussion explores the limitations of relying solely on biometric options like Face ID or Touch ID. These conveniences may appear secure but often weaken the overall security posture when used without additional independent verification mechanisms. Wojciech outlines how common attack strategies have shifted from stealing credit card numbers to full account takeover—enabled by social engineering and weak device-pairing controls.He proposes a “raise the bar” strategy rather than relying on a single silver-bullet solution. Suggestions include enhanced device fingerprinting, detection of emulators or rooted environments, and shared interbank databases for device reputation and account pairing anomalies. While some of these are already in motion under new EU and UK regulations, they remain fragmented.Wojciech also introduces a bold idea: giving users a slider in the app to adjust their personal balance of convenience vs. security. This kind of usability-driven approach could empower users while still offering layered defense.For CISOs, developers, and FinTech leaders, the message is clear—evaluate your app security as if attackers already know the shortcuts. Watch the full conversation to hear Wojciech’s real-world examples, including a cautionary tale from his own family. Catch the episode and learn how to design financial security that’s not just strong—but usable.GUEST: Wojciech Dworakowski | OWASP Poland Chapter Board Member and Managing Partner at SecuRing | https://www.linkedin.com/in/wojciechdworakowski/HOST: Sean Martin, Co-Founder at ITSPmagazine and Host of Redefining CyberSecurity Podcast | https://www.seanmartin.comSPONSORSManicode Security: https://itspm.ag/manicode-security-7q8iRESOURCESLearn more and catch more stories from OWASP AppSec Global 2025 Barcelona coverage: https://www.itspmagazine.com/owasp-global-appsec-barcelona-2025-application-security-event-coverage-in-catalunya-spainCatch all of our event coverage: https://www.itspmagazine.com/technology-and-cybersecurity-conference-coverageWant to tell your Brand Story Briefing as part of our event coverage? Learn More 👉 https://itspm.ag/evtcovbrfWant Sean and Marco to be part of your event or conference? Let Us Know 👉 https://www.itspmagazine.com/contact-us Hosted by Simplecast, an AdsWizz company. See pcm.adswizz.com for information about our collection and use of personal data for advertising.

Wojciech Dworakowski breaks down the hidden risks in mobile-only banking, where convenience often compromises transaction security. From real-world attack methods to practical solutions, this episode challenges FinTech leaders to rethink how they protect users in a smartphone-driven world.

NOW PLAYING

From Fraud to Fixes: Designing Usable Security for Financial Applications | An OWASP AppSec Global 2025 Conversation with Wojciech Dworakowski | On Location Coverage with Sean Martin and Marco Ciappelli

0:00 11:29

No transcript for this episode yet

We transcribe on demand. Request one and we'll notify you when it's ready — usually under 10 minutes.

No similar episodes found.

No similar podcasts found.

Frequently Asked Questions

How long is this episode of The ITSPmagazine Podcast?

This episode is 11 minutes long.

When was this The ITSPmagazine Podcast episode published?

This episode was published on June 2, 2025.

What is this episode about?

In this On Location episode during OWASP AppSec Global 2025 in Barcelona, Sean Martin connects with event speaker, Wojciech Dworakowski, to unpack a critical and underexamined issue in today’s financial systems: the vulnerability of mobile-only...

Can I download this The ITSPmagazine Podcast episode?

Yes, you can download this episode by clicking the download button on the episode player, or subscribe to the podcast in your preferred podcast app for automatic downloads.
URL copied to clipboard!