With the increasing use of mobile banking solutions, various security challenges may arise. Some of the most common risks are physical theft, abuse of user credentials, card information, and payment keys, as well as cloning, man-in-the-payment, and relay attacks. These types of attacks are widely known in the security community thanks to the many available publications and in-depth research by Riscure.
Mobile payment applications vendors have to implement Strong Customer Authentication (SCA), which is achieved through two-factor authentication (2FA) methods implemented via an additional component. Currently, the 2FA, which is an additional dedicated hardware device (2DA), is being replaced with an additional application on the mobile device (2AA) or functionality included into the single banking application (1AA).
How to protect mobile banking security
In order to protect your mobile banking and payment solutions, Riscure can help you conduct regular anti-rooting, anti-emulation, and integrity checks. With our long-standing experience we provide security evaluation services such as lightweight security quick scans, penetration testing to in depth security evaluation and certification of the mobile solution. It is further recommended to consider TLS certificate pinning, White-box cryptography and Trusted Execution Environment (TEE), when securing mobile banking and payment solutions.
Riscure can also help improve the knowledge of both development and security teams with the design and development and security testing of mobile banking solutions through our Training Academy courses.