Last updated 8 February 2018
In recent years, the financial services industry has faced challenges and explored new opportunities to make digital transformation a reality. The arrival of Fintechs has pushed tech companies and forward-thinking banks to innovate, leading to the launch of successful mobile banking and payment services, and changing consumer behavior and expectations forever.
We can all now:
- Open a bank account in less than 10 minutes
- Pay by waving a phone
- Or send money to a peer from a mobile app
Banking and paying are a lot easier… but these new services are attracting fraudsters. And, unsurprisingly, this step-change is accompanied by a growing number of new mobile security threats. Mobile financial apps containing valuable data are prey to an increasing number of attacks. According to the McAfee lab quarterly threats report of June 2017, today's malware is very aggressive and powerful. Malware is no longer developed just by isolated groups or teenagers who want to prove something. It is now developed by criminal groups, and hacktivists, to spy on, steal, or destroy data and generate millions of USD in profit.
New types of malware are spreading through very different methods: from non-official app stores, from emails containing viruses in their attachments, through trojanized legitimate applications, and from computers to mobile phones.
In this context, mobile banking service providers need to solve a complex puzzle when it comes to protecting their applications:
- Maximize user reach despite mobile device fragmentation
- Address the lack of control of mobile devices in the field and how they are used
- Maintain end-user convenience with authentication solutions that work for everyone.
How can we secure mobile banking apps?
Gartner defines Application Shielding in its Market Guide for Application Shielding as "a set of technologies that modify an application's source, byte or binary code, to make the application more resistant to intrusion, tampering and reverse engineering".
Indeed, "Application shielding is a research-intensive space in constant evolution, with vendors that require R&D effort to maintain credible solutions. Constant updates from vendors are needed in this space."
Gemalto Mobile Security Toolkit is a comprehensive Mobile Application Shielding offering that integrates all the best practices that Gemalto has built and implemented over the years in the digital banking world to secure mobile applications and guarantee their data integrity.
The list of possible vulnerabilities of unprotected mobile applications is long.
Gemalto Mobile Security Toolkit lets you focus just on developing your mobile application, not on its security. It enables you to implement the latest protection techniques while saving you time, energy and money.
Gemalto Mobile Security Toolkit will make your mobile apps:
- Integrity of Mobile App
- Sensitive Assets
- Unsafe environments
- Attack attempts
- Stop execution
- Perform custom actions such as warning users or sending an alert to a risk-management server
Mobile software security pillars
Runtime Application Self Protection
Detect that the mobile environment is potentially compromised or that the mobile application is under attack
Prevent hackers from scrutinizing the mobile application and understanding its logic and security protections
White Box Cryptography
Hide secrets and cryptographic keys from the hacker, even in a compromised environment
Prevent discovery of the Knowledge factor
Gemalto Mobile Security Toolkit provides advanced and tailor-made security features. It is based on 4 pillars:
- Runtime Application Self Protection
Gemalto Mobile Security Toolkit offers protection against dynamic analysis thanks to Runtime Application Self-Protection (RASP), such as Jailbreak/root detection, anti-hooking, anti-debug and anti-tampering.
Gemalto Mobile Security Toolkit offers protection against static analysis (code hardening). It secures your application against cloning, piracy, tampering and key extraction by applying state-of-the-art obfuscation and encryption techniques.
- Secure storage
The secure storage functionality is built to protect sensitive data that is stored within the mobile banking application itself, such as cryptographic keys or any other type of secret.
- Secure User Interface
Finally, Gemalto Mobile Security Toolkit offers a secure keypad, which is a unique feature on the market. This secure keypad prevents key logging and memory dump attacks.
Gemalto Mobile Security Toolkit protects your banking application from the most sophisticated and targeted malware, securing the most valuable asset for a bank: consumer trust.
Gemalto Mobile Security Toolkit is the perfect foundation for a multi-layered security approach that includes multi-factor authentication, secure messaging and risk-based authentication, fully in line with all the requirements of new regulations such as PSD2, FFIEC, MAS and HKMA.
Mobile security: How does it actually work?
Here is how Gemalto Mobile Security Toolkit protects your app from sophisticated and targeted malware, detects suspicious environments, and helps you react quickly and make sure your sensitive data is secure.
Root / Jailbreak detection
Find out how secure environment detection works, with mobile apps detecting Operating System (Android and iOS) vulnerabilities and reacting accordingly.
Find out how data encryption can protect sensitive data from being revealed in the clear.
Find out how intensive code obfuscation protects against reverse engineering, preventing the code logic and structure from being revealed in the clear.
Find out how secure keypads protect against PIN/password capture by spying malware (key loggers).