Fiserv iOS Apps Log Passwords Insecurely

Background

The Fiserv apps listed below all have the same security problem--they exposes passwords in a log on the phone. Each link goes to a page detailing my test and notification actions.

CalWest Bank
First Fed SB - Evansville, IN
GCB
Level One Personal Banking
MCSB Mobile Banking

This practice is unacceptable for any app, according to the OWASP https://github.com/OWASP/owasp-masvs, specifically, this item:

2.1 MSTG-STORAGE-3: No sensitive data is written to application logs.

Notification

I sent this message on 1-12-2020:

Posted 1-12-2020 by Sam Bowne