Why app shielding matters to MONETA Money Bank

MONETA Money Bank is a Czech Republic-based retail and expanding small and medium enterprises (SME) bank. The company holds a universal banking licence and provides a range of retail and SME-focused financial products and services. MONETA operates through a national distribution network of 229 branches and through alternative distribution channels, including the internet, its call centre, auto dealers, brokers and leasing partners.

MONETA together with its controlled subsidiaries offers current accounts, savings accounts, term deposits and transactional banking products including payment services and debit cards, consumer loans, credit cards, overdrafts, mortgages and auto loans, auto leases and other complementary products such as bancassurance and sales of investment funds.

Complying with PSD2 and its RTS

On November 27, 2017, the EU Commission released the long-awaited regulatory technical standards (RTS) for PSD2. The RTS defines the whole range of requirements for digital banking security. Quoting Chapter II Article 9, it may also be argued that RTS implies that app shielding is a necessary component of any mobile banking app:

  1. Payment service providers shall adopt security measures,
    where any of the elements of strong customer authentication or
    the authentication code itself is used through a multi-purpose
    device, such as mobile phone or tablet, to mitigate the risk which
    would result from that multi-purpose device being compromised
  2. For the purposes of paragraph 2, the mitigating measures shall include each of the following:
    (a) the use of separated secure execution environments through the software installed inside the multi-purpose device;
    (b) mechanisms to ensure that the software or device has not been altered by the payer or by a third party;
    (c) where alterations have taken place, mechanisms to mitigate the consequences thereof.

This excerpt implies that banks are responsible for implementing security measures to make sure that mobile devices aren’t altered, apps not modified at rest or in runtime, and that the apps can’t be tampered with by payer or any other third party.

Promon SHIELD™ provides the solution

App shielding is a natural and the most straightforward way to cover the regulatory technical standards for PSD2. Like many other security-focused and innovative banks, MONETA Money Bank is now protecting their mobile apps against the ever-changing threat landscape while maintaining a frictionless user experience with Promon SHIELD™. The Smart Banka app by MONETA Money Bank is the first banking app in the Czech Republic that actively fights against the whole range of sophisticated attacks, such as:

  • Malware attacks
  • Vulnerabilities related to rooting or jailbreaking
  • Debugger connection
  • Code or framework injection
  • Application repackaging and app integrity breaches
  • Malicious screen readers or untrusted keyboards
  • Overlay attacks
  • Man-in-the-app and man-in-the-middle scenarios

You can easily turn your app into a self-protecting app. Your Android or iOS apps can be quickly uploaded and secured in minutes by using our integration tool, or an SDK that is easily integrated into the app. Once secured, the app is immediately ready for distribution via public app stores.

App shielding is crucial to preserve and improve your business reputation

Attacks can have devastating consequences. User data can be stolen, putting businesses at risk of regulatory compliance violations and bad publicity. Financial fraud can be committed, resulting in lost revenue. And, of course, there’s the loss of customer and shareholder trust, all having impact on brand reputation. If the attack goes on long enough, a business could sustain irreparable damage. MONETA Money Bank takes continuous steps to stay compliant and—mainly—ahead of their cyber adversaries.