FinTech is driving innovation for technology-led financial services companies in banking, financing, crowdfunding, digital currencies, insurance, money transfer, payments, wealth management and more. Every day more people are seeking financial services on the go. That is why VC investment dollars in FinTech have grown 19-fold from $930 million in 2008 to $17.4 billion in 2016.
FinTech companies are enjoying opportunities for growth from a strong demand for mobile applications. Savvy financial institutions are expanding their mobile services to grow and retain their customer base as ease of access continues to be a motivating factor for their customers.
Among non-mobile banking users, more than 57 percent say mobile banking is unsafe, and an additional 18 percent state they don’t know if mobile banking is safe or not (source: infographic) The onus is on financial institutions to protect their customer’s personal information and money, as well as their brands. Hackers can easily disassemble and attack mobile apps if proper application shielding is not being used.
The use of Host Card Emulation (HCE), electronic wallets, and secure access to cloud-based services presents challenges for mobile apps that reside outside the firewall where hackers can get full access to the source code through disassembly. However, by using application shielding technologies during the development process, the mobile app is able to bring security with it no matter where it is run.
Advanced code obfuscation techniques alter the mobile application so it cannot be disassembled and understood by hackers. It is vital that a barrage of techniques be used together so any would-be hackers will give up on doing a static analysis and move onto softer targets.
Runtime Application Self-protection (RASP) ensures that the running application cannot be attached to by a debugger or inspected to learn its secrets or alter its functions. If hacking is attempted, the application can signal that it is being hacked, then exit to foil hackers.
A white-box cryptographic library is a drop in replacement for the weak cryptographic libraries that come as part of the Android or iOS platforms. With white-box cryptography, secrets and keys are never in the clear in memory, even when they are being used, so they will remain secret.
Hackers work by reverse engineering code and finding ways to tamper with software to engage in fraud. whiteCryption provides the world’s most advanced application shielding technologies including code obfuscation, Runtime Application Self-Protection (RASP) and a white-box cryptography to foil attacks on apps. Today, whiteCryption protects a variety of FinTech mobile apps. The applications are limitless, and as devices proliferate, whiteCryption is rapidly becoming the standard of care against app hacking.
Seacert provides managed PKI services, including root and certificate authority creation and management, and high volume key provisioning. We specialize in device personalization, which provides devices with unique trusted identities and the rights needed to interact in the complex ecosystems of FinTech. We have shipped over 3 billion keys to market in the last 10 years and our keys are embedded in hundreds of millions of connected devices worldwide.
Taking Steps to Protect Financial Mobile Applications White Paper
This paper describes the latest statistics on cybercrime in the mobile financial industry and the most common types of attacks on mobile applications. Finally, this white paper will focus on Intertrust’s robust solution to protecting financial applications—a set of application shielding tools that are intended to increase application-level security and render cyberattacks on financial applications extremely difficult and expensive to execute.