FinTech is driving innovation for technology-led financial services companies in banking, financing, crowdfunding, digital currencies, insurance, money transfer, payments, wealth management and more. Every day more people are seeking financial services on the go. That is why VC investment dollars in FinTech have grown 19-fold from $930 million in 2008 to $17.4 billion in 2016. (source: Forbes)
FinTech companies are enjoying opportunities for growth from a strong demand for mobile applications. Savvy financial institutions are expanding their mobile services to grow and retain their customer base as ease of access continues to be a motivating factor for their customers.
Among non-mobile banking users, more than 57 percent say mobile banking is unsafe, and an additional 18 percent state they don’t know if mobile banking is safe or not (source: infographic) The onus is on financial institutions to protect their customer’s personal information and money, as well as their brands. Hackers can easily disassemble and attack mobile apps if proper application shielding is not being used.
Mobile Application Shielding
The use of Host Card Emulation (HCE), electronic wallets, and secure access to cloud-based services presents challenges for mobile apps that reside outside the firewall where hackers can get full access to the source code through disassembly. However, by using application shielding technologies during the development process, the mobile app is able to bring security with it no matter where it is run.
Advanced code obfuscation techniques alter the mobile application so it cannot be disassembled and understood by hackers. It is vital that a barrage of techniques be used together so any would-be hackers will give up on doing a static analysis and move onto softer targets.
Runtime Application Self-Protection (RASP)
Runtime Application Self-protection (RASP) ensures that the running application cannot be attached to by a debugger or inspected to learn its secrets or alter its functions. If hacking is attempted, the application can signal that it is being hacked, then exit to foil hackers.
A white-box cryptographic library is a drop in replacement for the weak cryptographic libraries that come as part of the Android or iOS platforms. With white-box cryptography, secrets and keys are never in the clear in memory, even when they are being used, so they will remain secret.