Arxan Issues Mobile Banking & Payment Security Advisory For “Data Privacy Day”
To Increase Education and Security Awareness of Mobile Financial Services
Bethesda, MD – January 28, 2015– Arxan Technologies, the industry-leading provider of application protection solutions, is observing Data Privacy Day on January 28, by issuing a mobile application security advisory for mobile app developers of banking and payment apps as well as their end users. The Advisory is intended to promote continued education and awareness of the increased risks to mobile financial services applications and the sensitive data of their customers that are using these apps on their devices.
“Data Privacy Day” commemorates the 1981 signing of the first legally binding international treaty dealing with privacy and data protection. It is led by the National Cyber Security Alliance, a non-profit, public-private partnership focused on cyber security education for all online citizens.
For customers who are using or considering mobile financial services applications such as check deposits, balance inquiries, mobile payments, money transfers, etc., Arxan advises the following steps to increase the level of security surrounding mobile financial transactions to protect their privacy and data.
Arxan Mobile Banking and Payment Security Advisory for Data Privacy Day:
- Download banking and payment applications only from certified app stores;
- Ensure that your phone settings are set to prevent app downloads from unofficial stores!
- Ask your financial institution if their app is protected against “reverse engineering”
- Reverse engineering involves the use of widely available online hacker tools and allows the hacker to analyze the app. It is typically the first step that hackers take to tamper with an application’s functionality or insert malware.
- Don’t connect to an email, bank, or other sensitive account over public Wi-Fi.
- If that’s unavoidable—because you spend a lot of time in cafés, hotels, or airports, for example—pay for access to a virtual private network that will significantly improve your privacy on public networks.
- Don't rely only on mobile anti-virus, anti-spam or your enterprise-wide device security solutions to protect apps that reside on your mobile device from hacking or malware attacks. Ask your bank if they have deployed application self-protections for the mobile apps that have been released in app stores.
- Although, purposeful, these solutions do not provide sufficient protection from hacking attacks that are increasingly being launched, such as the recent Wirelurker or Masque attacks.
- Leading mobile app developers of financial services that are building self-protections into the application development (or build) process for both runtime and ‘at-rest’ defense against hacker attacks are offering greater security to their end customers.
“Mobile is now a mainstay in the financial sector and it is critical for application security to be a top priority and integral component to upholding consumer data privacy,” said Michael Dager, CEO, Arxan Technologies. “Arxan applauds and echoes the American Banking Association (ABA), in also providing data protection guidance to the banking community and its consumers on Data Privacy Day. Such guidance is especially important for the financial sector that is enabling innovative services online via the mobile platform.”
Arxan's 2014 State of Mobile App Security report disclosed that most common financial services have been hacked. Of top financial apps, 95% of Android apps have been hacked and 70% of iOS apps have been hacked. This research is complemented most recently by RiskIQ’s finding that more than 40,000 (or 11 percent) of the 350,000 apps which reference banking in the world’s top 90 app stores contain malware or suspicious binaries. The importance of app security is further supported by Gartner application security analyst Joseph Feiman’s recent Maverick report, in which he advises that CISO’s should “make application self-protection a new investment priority, ahead of perimeter and infrastructure protection. Perimeter protection technologies cannot protect what ceases to exist — the perimeter, which dissipates in the mobile, consumer-oriented and cloud-oriented world.”
Arxan’s commitment to ongoing mobile security education and awareness is highlighted by its various financial industry memberships including: Affiliate Member of the Financial Services Information Sharing and Analysis Center (FS- ISAC), PCI Security Standards Council, and FIDO (Fast Identity Online) Alliance. As a Data Privacy Day Champion, Arxan will also be launching online educational material in early 2015 for consumers via its YouTube channel featuring topics such as “How Your Mobile Financial App Can Get Hacked” and “What to Ask Before You Tap that App”
About Arxan Technologies
Arxan provides the world’s strongest application protection solutions. Our unique patented guarding technology 1) Defends applications against attacks, 2) Detects at run-time when an attack is being attempted, and 3) Responds to detected attacks to stop them, alert, or repair. Arxan offers solutions for software running on mobile devices, desktops, servers, and embedded platforms – including those connected as part of the Internet of Things (IoT) – and is currently protecting applications running on more than 300 million devices across a range of industries, including: financial services, high tech/independent software vendors (ISVs), manufacturing, healthcare, digital media, gaming, and others. The company's headquarters and engineering operations are based in the United States with global offices in EMEA and APAC.
 Stop Protecting Your Apps; It's Time for Apps to Protect Themselves, Gartner Maverick* Research, Joseph Feiman, 25 September 2014