Mobile apps and security threats
In recent years, the financial services industry has faced challenges and explored new opportunities to make digital transformation a reality.
The arrival of Fintechs has pushed tech companies and forward-thinking banks to innovate, leading to the launch of successful digital banking, mobile banking and payment services.
These services changed consumer behaviour and expectations forever.
We can all now open a bank account in less than 10 minutes, pay by waving a phone or send money to a peer from a mobile app.
Unsurprisingly, this step-change is accompanied by a new and growing number of mobile security threats.
100% increase in banking Trojans in 2018
McAfee Labs noted a +77% increase in banking Trojans in 2017 and another +100% from January to September 2018 in its Q1 2019 threats report.
More broadly, mobile financial apps containing valuable data are prey to an increasing number of attacks.
According to the same company, today's malware is very aggressive and powerful. Malware is no longer developed just by isolated groups or teenagers who want to prove something. Criminal groups and hacktivists now develop it to spy on, steal, or destroy data and generate millions of USD in profit.
The growth of mobile malware from 2015 to 2017, shown below, kept booming in 2018, with a clear focus on mobile banking because, for fraudsters, "banks are where the money is".
New types of malware are spreading through very different methods:
- from non-official app stores (overall, 204B apps were downloaded in 2019 alone),
- from emails containing viruses in their attachments,
- through trojanized legitimate applications,
- from computers to mobile phones.
Recent social engineering attacks on corporate banking have proven the creativity of cybercriminals.
The three challenges of mobile banking security
In this context, mobile banking service providers need to solve a complex puzzle when it comes to protecting their applications:
- Maximise user reach despite mobile device fragmentation
- Address the lack of control of mobile devices in the field and how they are used
- Maintain end-user convenience with authentication solutions that work for everyone.
This is where Application Shielding comes to the rescue.
How can we secure mobile banking apps?
Gartner defines Application Shielding in its Market Guide for Application Shielding as
"a set of technologies that modify an application's source, byte or binary code, to make the application more resistant to intrusion, tampering and reverse engineering".
"Application shielding is a research-intensive space in constant evolution, with vendors that require R&D effort to maintain credible solutions. Constant updates from vendors are needed in this space."
Mobile app shielding toolkit
Thales Gemalto Mobile Security Toolkit is a comprehensive Mobile Application Shielding offering that integrates the best practices Thales has built and implemented over the years in the digital banking world to secure mobile applications and guarantee their data integrity.
The list of possible vulnerabilities of unprotected mobile applications is long.
The Toolkit lets you focus just on developing your mobile application, not on its security.
It enables you to implement the latest protection techniques while saving you time, energy and money.
Gemalto Mobile Security Toolkit will help you to:
- Protect the integrity of the mobile app
- Protect sensitive assets
- Detect unsafe environments
- Detect attack attempts
- Stop execution
- Perform custom actions such as warning users or sending an alert to a risk-management server
Mobile shielding security pillars
Runtime Application Self Protection
Detect that the mobile environment is potentially compromised or that the mobile application is under attack
Prevent hackers from scrutinising the mobile application and understanding its logic and security protections
White Box Cryptography
Hide secrets and cryptographic keys from the hacker, even in a compromised environment
Prevent discovery of the Knowledge factor
Advanced mobile security features
Gemalto Mobile Security Toolkit provides advanced and tailor-made security features.
- Runtime Application Self Protection
Gemalto Mobile Security Toolkit offers protection against dynamic analysis through Runtime Application Self-Protection (RASP) techniques such as jailbreak/root detection, anti-hooking, anti-debug, and anti-tampering.
Gemalto Mobile Security Toolkit offers protection against static analysis (code hardening). It secures your application against cloning, piracy, tampering and key extraction by applying state-of-the-art obfuscation and encryption techniques.
- Secure storage
The secure storage functionality is built to protect sensitive data that is stored within the mobile banking application itself, such as cryptographic keys or any other type of secrets.
- Secure User Interface
Finally, Gemalto Mobile Security Toolkit offers a secure keypad, which is a unique feature on the market. This secure keypad prevents keylogging and memory dump attacks.
Gemalto Mobile Security Toolkit protects your banking application from the most sophisticated and targeted malware, securing the most valuable asset for a bank: consumer trust.
Gemalto Mobile Security Toolkit is the perfect foundation for a multi-layered security approach that includes multi-factor authentication, secure messaging and risk-based authentication.
It's a natural way to be fully in line with all the requirements of new regulations such as PSD2, FFIEC, MAS, and HKMA.
App shielding: How does it work?
Here is how Gemalto Mobile Security Toolkit protects your app from sophisticated and targeted malware, detects suspicious environments, and helps you react quickly and make sure your sensitive data is secure.