Like many other security-focused and innovative banks, MONETA Money Bank is now protecting its mobile apps against the ever-changing threat landscape, while maintaining a frictionless user experience, with Mobile App Shielding by Promon SHIELD™.
The Smart Banka app by MONETA Money Bank will be the first banking app in the Czech Republic that actively fights against a whole range of sophisticated attacks, such as:
- Malware attacks
- Vulnerabilities related to rooting / jailbreak
- Debugger connection
- Code or Framework injection
- Application repackaging and app integrity breaches
- Malicious screen readers or untrusted keyboards
- Overlay attacks
- Man-in-the-app and man-in-the-middle scenarios
- Sensitive embedded key protection (white-box crypto)
Why Does Application Shielding Matter?
Application Shielding is a critical requirement for PSD2 compliance. Now, most people view the new PSD2 legislation as an “open banking legislation.” However, PSD2 — or more specifically, the RTS — defines a whole range of requirements for digital banking security. In our opinion, it strongly implies that Application Shielding is a necessary component of any mobile banking app. Now, why is that?
Let’s quote the final version of the RTS:
2. Payment service providers shall adopt security measures, where any of the elements of strong customer authentication or the authentication code itself is used through a multi-purpose device, such as mobile phone or tablet, to mitigate the risk which would result from that multi-purpose device being compromised.
3. For the purposes of paragraph 2, the mitigating measures shall include each of the following:
– (a) the use of separated secure execution environments through the software installed inside the multi-purpose device;
– (b) mechanisms to ensure that the software or device has not been altered by the payer or by a third party;
– (c) where alterations have taken place, mechanisms to mitigate the consequences thereof.
This excerpt implies that banks are responsible for implementing security measures to make sure that the mobile device was not altered, the app was not modified at rest or at runtime, and that the application cannot be tampered with by the payer or any other third party (for a malicious reason or not). Application Shielding is a natural and the most straightforward way to cover this requirement.
We are happy to see that MONETA Money Bank takes continuous steps to stay compliant and — mainly — ahead of their cyber adversaries. And we are even happier that they decided to work on these topics with our partner, Wultra.