
This is according to Aaron Lint, Chief Scientist and VP of Research at Arxan Technologies, who speaks with Finance Monthly below about the key elements of tech security and the use of financial applications across devices.

There’s a systemic problem across the financial services industry with financial institutions failing to secure their mobile apps. With mobile banking becoming the primary user experience and open banking standards looming, mobile security must become a more integral part of the institution’s overall security strategy, and fast.

When a company fails to consider a proper application security technology strategy for its front line apps, the app can be easily reverse-engineered. This sets the stage for potential account takeovers, data leaks, and fraud. As a result, the company may experience significant financial losses and damage to brand, customer loyalty, and shareholder confidence as well as significant government penalties.

Where’s the proof?

A recent in-depth analysis conducted by Aite Group of financial institutions’ mobile applications highlighted major vulnerabilities including easily reverse-engineered application code. Each app was very readily reversible, only requiring an average of 8.5 minutes per application analysed. Some of the serious vulnerabilities exposed included insecure in-app data storage, compromised data transmission due to weak cryptography, insufficient transport layer protection, and potential malware injection points due to insufficient integrity protection.

For example, of the apps tested, 97% lacked binary code protection, meaning the majority of apps can be trivially reverse engineered. Of equal concern was the finding that 90% of the apps shared services with other applications on the same device, leaving the data from the financial institution’s app accessible to any other application on the device.

This metadata is built by default into every single unprotected mobile application in the world. It provides not only an instruction manual for the APIs which are used to interact with the data center, but also the location of authorization keys and authentication tokens which control access to those APIs. Even if the applications are implemented without a single runtime code-based vulnerability, this statically available information can provide an attacker with the blueprints they are seeking when performing reconnaissance.

There is no shortage of anecdotal evidence which shows that hackers are actively seeking to take advantage of vulnerabilities like the ones identified in the research. For example, recently mobile malware was uncovered that leveraged Android’s accessibility features to copy the finger taps required to send money out of an individual’s PayPal account. The malware was posted on a third-party app store disguised as a battery optimisation app. This mobile banking trojan was designed to wire just under £800 out of an individual’s PayPal account within three seconds, despite PayPal’s additional layer of security using multifactor authentication.

So, what’s the solution?

To minimise the risk of all of the vulnerabilities being identified and ultimately exploited, it is essential that financial institutions adopt a comprehensive approach to application security that includes app shielding, encryption, and threat detection and response, and that they ensure their developers receive adequate secure coding training.

App shielding is a process in which the source code of an application is augmented with additional security controls and obfuscation, deterring hackers from analysing and decompiling it. This significantly raises the level of effort necessary to exploit vulnerabilities in the mobile app or to repackage it and redistribute it with malware inside. In addition, app-level threat detection should be implemented to identify exactly how and when apps are attacked at the endpoint and to alert IT teams. This opens a new avenue of response for an organisation’s SOC (Security Operations Center) Playbook, allowing immediate actions such as shutting down the application, or sandboxing a user – essentially isolating them from critical system resources and assets, revising business logic, and repairing code.

App shielding and the other types of application security solutions mentioned above should be incorporated directly into the DevOps and DevSecOps methodologies so that the security of the application is deployed and updated along with the normal SDLC (Software Development Life Cycle). App Shielding is available post-coding, so as not to disrupt rapid app development and deployment processes by requiring retraining of developers. This combination of best practices increases an organisation's ability to deliver safe, reliable applications and services at high velocity.

Conclusion

It’s no secret that the finance industry is a lucrative target because the direct payoff is cold, hard cash. Research is showing that virtually none of the finance apps have holistic app security measures in place that could detect if an app is being reverse-engineered, let alone actively defend against any malicious activity originating from code level tampering.

We would reasonably expect our fundamental financial institutions to be leaders in security, but unfortunately, the lack of app protection is a disturbing industry trend in the face of a significant shift into reliance on mobility. Organisations need to take a fresh look at their mobile strategy and the related threat modeling, and realise how significant the attack surface really is.

During this time of financial uncertainty, many opt for emergency small term loans to cover the cost; however, these are for financial emergencies only and alternative funding will be needed. Here we are going to give you our top tips for saving money and avoiding the use of your credit card.

Make A Shopping List

One of the main ways to avoid making payments on your contactless credit card is to have a shopping list and stick to it. In doing this, you can ensure that you have bought all the food that you need for the week at one time without spending large sums of money as a result. Having everything in the house that you could need reduces the need for you to travel to the shops and get tempted by a chocolate bar or other sweet treats that can be bought on impulse with your contactless card.

Avoid Fast Food

Although it may seem tempting to opt for fast food when you have had a long day in the office, it is important to avoid this temptation. One of the ways that you can do this is through making food the night before and freezing it. This not only helps you to maintain a healthy lifestyle, but it saves you money as a result. This is ideal particularly for students as this will allow them to save excess money and maintain a healthy diet.

Don’t Use Mobile Banking

Mobile banking is something that you should definitely avoid if you are looking to save money. This is because applications such as Google Pay and Apple Pay make it easy for you to pay for items with a fingerprint or simple passkey. This will not aid you in saving money, as it makes it too easy to overspend and end up buying items that you do not need. One way that you can get around this is through travelling to the bank to look at your finances or even restricting your online banking to one desktop.

Pay By Cash Not Card

When going out for a night on the town or on a shopping trip, it is very easy to opt for a contactless payment to purchase items quickly, but what about just taking cash? By taking cash with you and leaving your card at home, you restrict yourself to the amount of money that you can spend. This is particularly important if you are limited on funds as this allows you to budget accordingly and ensure that you do not overspend at any point. If an item is out of your budget at this time, you must then wait till next month to afford it.

Buy Your Own Lunch

Although this may seem like an extremely small transaction per day, purchasing lunch can actually amount to a large portion of your spending per month. In order to combat this and save yourself more money, begin packing your own lunch. This could save you an average of £5 per day, which can add up to a large amount at the end of every month. This can then be saved and placed within a bank account for a financial emergency or a treat later in the year.

Whether you are looking to completely avoid using your card on a daily basis or you are looking to limit the amount that you are spending in general, you can be sure to find the solution that works for you by following one of these top tips.

A user-centric approach which allows executives to choose their own device is fundamental to a bank’s success in mobile corporate banking services and should be a key component in every bank’s omni-channel strategy. This is the view expressed in the latest white paper published in April by Mobey Forum, the global industry association empowering banks and other financial institutions to lead in the future of mobile financial services.

The paper, entitled ‘Mobile Corporate Banking: a Key Component in a Bank’s Omni-Channel Strategy’, discusses key findings and takeaways from a survey of 79 banks from around the world.

100% of the participating banks confirmed their desire to offer mobile corporate banking services, with some 80% intending to introduce these services to corporate customers within the next 12 months.

“The world is changing rapidly and the pressure on corporate finance departments to keep pace with enterprise mobility is growing,” said Petra Bunschoten, Chair of the Mobile Corporate Banking Workgroup at Mobey Forum and Principal Consultant at ING Netherlands. “This is a real opportunity for banks, as long as they can optimise their services for the range of different mobile environments in use today.”

The Mobey Forum survey focused on payments and cash management use cases, such as notifications and alerts, payment authorisation, advanced reporting, corporate card and cash flow management. Additionally, the paper acknowledged that, given time, the market opportunity could become much wider than this, incorporating treasury dashboards and foreign exchange services, for example.
