Mobile Security Toolkit


Last updated 8 February 2018

In recent years, the financial services industry has faced challenges and explored new opportunities to make digital transformation a reality. The arrival of Fintechs has pushed tech companies and forward-thinking banks to innovate, leading to the launch of successful mobile banking and payment services, and changing consumer behavior and expectations forever.  

We can all now:

  • Open a bank account in less than 10 minutes
  • Pay by waving a phone
  • Or send money to a peer from a mobile app

Banking and paying are a lot easier… but these new services are attracting fraudsters. And, unsurprisingly, this step-change is accompanied by a new and growing number of mobile security threats. Mobile financial apps containing valuable data are prey to an increasing number of attacks. According to the McAfee Labs quarterly threats report of June 2017, today's malware is very aggressive and powerful. Malware is no longer developed just by isolated groups or teenagers who want to prove something. It is now developed by criminal groups and hacktivists to spy on, steal, or destroy data and generate millions of USD in profit.

 

Figure: Total Mobile Malware from 2015 to Q1 2017 (Source: McAfee Labs, 2017)

New types of malware are spreading through very different methods: from non-official app stores, from emails containing viruses in their attachments, through trojanized legitimate applications, and from computers to mobile phones.

In this context, mobile banking service providers need to solve a complex puzzle when it comes to protecting their applications:

  • Maximize user reach despite mobile device fragmentation
  • Address the lack of control of mobile devices in the field and how they are used
  • Maintain end-user convenience with authentication solutions that work for everyone

How can we secure mobile banking apps?

 

Gartner defines Application Shielding in its Market Guide for Application Shielding as "a set of technologies that modify an application's source, byte or binary code, to make the application more resistant to intrusion, tampering and reverse engineering".

Indeed, "Application shielding is a research-intensive space in constant evolution, with vendors that require R&D effort to maintain credible solutions. Constant updates from vendors are needed in this space."  

Gemalto Mobile Security Toolkit is a comprehensive Mobile Application Shielding offering that integrates all the best practices that Gemalto has built and implemented over the years in the digital banking world to secure mobile applications and guarantee their data integrity. 

 

The list of possible vulnerabilities of unprotected mobile applications is long. Gemalto Mobile Security Toolkit lets you focus just on developing your mobile application, not on its security. It enables you to implement the latest protection techniques while saving you time, energy and money.

Gemalto Mobile Security Toolkit will make your mobile apps:

Defend

  • Integrity of Mobile App
  • Sensitive Assets

Detect

  • Unsafe environments
  • Attack attempts

React

  • Stop execution
  • Perform custom actions such as warning users or sending an alert to a risk-management server


 

Mobile software security pillars

RASP

Runtime Application Self Protection
Detect that the mobile environment is potentially compromised or that the mobile application is under attack

Obfuscation

Prevent hackers from scrutinizing the mobile application and understanding its logic and security protections

White Box Cryptography

Hide secrets and cryptographic keys from the hacker, even in a compromised environment


Secure User Interface

Secure Keypad

Prevent discovery of the Knowledge factor

Gemalto Mobile Security Toolkit provides advanced and tailor-made security features. It is based on 4 pillars:

  1. Runtime Application Self Protection
    Gemalto Mobile Security Toolkit offers protection against dynamic analysis through Runtime Application Self-Protection (RASP) features such as jailbreak/root detection, anti-hooking, anti-debug and anti-tampering.

  2. Obfuscation
    Gemalto Mobile Security Toolkit offers protection against static analysis (code hardening). It secures your application against cloning, piracy, tampering and key extraction by applying state-of-the-art obfuscation and encryption techniques.

  3. Secure storage
    The secure storage functionality is built to protect sensitive data that is stored within the mobile banking application itself, such as cryptographic keys or any other type of secrets.

  4. Secure User Interface
    Finally, Gemalto Mobile Security Toolkit offers a secure keypad, which is a unique feature on the market. This secure keypad prevents key logging and memory dump attacks.

Gemalto Mobile Security Toolkit protects your banking application from the most sophisticated and targeted malware, securing the most valuable asset for a bank: consumer trust.

Gemalto Mobile Security Toolkit is the perfect foundation for a multi-layered security approach that includes multi-factor authentication, secure messaging and risk-based authentication, fully in line with all the requirements of new regulations such as PSD2, FFIEC, MAS and HKMA.

Mobile security: How does it actually work?

Here is how Gemalto Mobile Security Toolkit protects your app from sophisticated and targeted malware, detects suspicious environments, and helps you react quickly and make sure your sensitive data is secure.

  • Root / Jailbreak detection


    Find out how secure environment detection works, with mobile apps detecting operating system (Android and iOS) vulnerabilities and reacting accordingly.


  • Data encryption


    Find out how data encryption can protect sensitive data from being revealed in the clear.


  • Code obfuscation


    Find out how intensive code obfuscation protects against reverse engineering, preventing the code logic and structure from being revealed in the clear.


  • Secure keypad


    Find out how secure keypads protect against PIN/password capture by spying malware (keyloggers).
