3 min read
Why do banks see app shielding as a crucial part of their mobile strategy?
People have high levels of trust in traditional banks. We trust banks with our money and expect our savings to be safe and protected. That’s why banks are trying to stay one step ahead of their cyber adversaries. As mobile banking usage continues to grow, due to increased demands for greater convenience and accessibility, investments in mobile banking security is likely to follow, Dvorák believes.
He also points out that banks must comply with the new PSD2 and GDPR legislations. The new legislation will also affect banking security and drive adoption of proven security solutions even further.
Building secure and reliable mobile apps is complex. As a result, banks turn to vendors that offer ready-to-use and easy to integrate security solutions.
Banks have also realized the complexities of building reliable security measures for their mobile apps. It requires insights into several fields of expertise and is consequently both complicated and time-consuming. As a result, banks often turn to vendors that offer ready-to-use and easy to integrate security and authentication solutions, Dvorák says.
What are the current mobile app threats to banks?
Public app stores are a veritable playground for attackers. Attackers can reverse engineer virtually any banking app they download from a public app store. This allows attackers to determine how the banking app runs and do any number of things to cause damage. For example, they can insert code into the regular banking app that enables them to steal user credentials, or trick users into downloading and installing a modified version of the banking app, Dvorák explains.
Another threat is banking trojans able to monitor and record keyboard use, including the information typed into a system, which might include the content of emails, usernames, and passwords for apps, as well as financial information like credit card numbers.
Banks also seek protection from so-called overlay attacks. In an attempt to steal user credentials, an overlay attack uses a vulnerability in the mobile ecosystem to create a fake login that sits on top of the regular mobile banking login. These attacks are often successful because they strike unexpectedly.
New and advanced mobile malware is another emerging threat. The latest malware families have the capability to root the device they infect, allowing users of devices and/or apps to attain privileged control or root access over Android subsystems. As a result, the malware can gain full control of the operating system, and subsequently, modify the code of the mobile banking app to perform payments that haven’t been approved. Administrative rights also allow the malware samples to perform a much wider range of nefarious actions, such as accessing other apps’ data or recording keystrokes, Dvorák says.
How can Promon and Wultra help?
Sophisticated attacks require preparation. By protecting their apps with Promon’s app shielding solution, Promon SHIELD™, banks can prevent application decompilation, reverse engineering, runtime manipulation and app re-packaging.
Go beyond basic best practices for secure programming without harming the end-user experience.
App shielding is a research- intensive and constantly evolving technology discipline. It requires ongoing research and development effort. By choosing Promon’s easy to integrate app shielding solution, your banking app gets security functionalities that go beyond basic best practices for secure programming, without harming the end-user experience.
App shielding also complements authentication solutions and dramatically strengthens the security. It makes sure that malware or an attacker is unable to tamper with cryptographic routines and prevents leakages and cybercriminals from stealing stored keys.
Based on in-depth monitoring and control of the operating system, Promon SHIELD™ offers a proactive and whitelist-based technology, protecting both the app itself in addition to input/output to and from the app. Your Android or iOS apps can be quickly uploaded and secured in minutes by using our integration tool, or an SDK that is easily integrated into the app. Once secured, the app is immediately ready for distribution via public app stores.
Strong authentication solutions, such as Wultra Mobile Security Suite, allow banks to prove customer identity reliably. It helps banks to verify that payments are sent from the right device, using the correct application in a still supported version, and to verify the sender. There are also several benefits for the user. Mobile banking users can use a simple PIN code, face recognition or fingerprint scanning when logging in or approving payments – all without compromising security.