Here's a potentially handy "Mobile App Security Check List" to help banks, financial institutions, merchants and the payments ecosystem prepare for Black Friday and Cyber Monday, from a OneSpan cyber security expert.
Will LaSala, Director of Security Solutions, Security Evangelist, OneSpan writes:
The 4 Essential Mobile App Security Tips (for banks, FIs and the payments ecosystem)
- All mobile applications, including shopping and retail apps, should be able to protect themselves in untrusted device environments. In order to defend any type of mobile app against sophisticated malware, we recommend that they are protected using application shielding technology. This technology prevents attackers from injecting malicious code into an app and repackaging it for distribution in unofficial marketplaces or websites. This technology is also context-aware so that if a user’s Android device is rooted or allows for side-loaded apps and is potentially infected with malware, the app itself is still protected.
- Focus on implementing strong, user-friendly multi-factor authentication. Financial institutions should turn to the latest available adaptive authentication technology that analyze and score hundreds of user, device, and transaction data in real-time to determine the precise authentication requirements for each transaction. This level of intelligence ensures the best possible customer experience, while safe-guarding transactions and customer data.
- Stay compliant with industry standards. Ensuring your mobile app is compliant with industry standards for mobile security will help keep you secure from the latest threats and vulnerabilities. PCI-DSS is one example of a compliance mandate for banks with cards and is administered by the Payment Card Industry Security Standards Council.
Training and communication to customers is key to any successful security plan. As social engineering and phishing attacks continue to rise, customers should know how to spot fraudulent e-mails directing them to click on suspicious links and open unidentified attachments. Being able to stay on top of the latest trends for security and keeping your customers up to date on those trends is also important.