Mobile Banking application security

Author: Riscure Team

In this paper we present the critical security challenges that Mobile Banking applications face in today’s market. Additionally, we summarize our experience evaluating both HCE Mobile Payment and Mobile Banking applications, and present evidence that certain HCE security approaches are worth embracing in Mobile Banking application development. The popularity of mobile payment and banking solutions has been rising in the past years, as they enable customers to perform banking transactions, payments and other activities efficiently and quickly.

Security challenges

With the increasing use of mobile banking solutions, various security challenges may arise. Some of the most common risks are physical theft, abuse of user credentials, card information, and payment keys, as well as cloning, man-in-the-payment, and relay attacks. These types of attacks are widely known in the security community thanks to the many available publications and in-depth research by Riscure.

Mobile payment application vendors have to implement Strong Customer Authentication (SCA), which is achieved through two-factor authentication (2FA) methods implemented via an additional component. Currently, the 2FA component that is an additional dedicated hardware device (2DA) is being replaced with an additional application on the mobile device (2AA) or with functionality included in the single banking application (1AA).

How to protect mobile banking security

To protect your mobile banking and payment solutions, Riscure can help you conduct regular anti-rooting, anti-emulation, and integrity checks. With our long-standing experience, we provide security evaluation services ranging from lightweight security quick scans and penetration testing to in-depth security evaluation and certification of the mobile solution. It is further recommended to consider TLS certificate pinning, white-box cryptography and a Trusted Execution Environment (TEE) when securing mobile banking and payment solutions.

Riscure can also help improve the knowledge of both development and security teams in the design, development, and security testing of mobile banking solutions through our Training Academy courses.
