To drive a more convenient customer experience (as well as reduce costs), the interaction point for financial services has shifted dramatically in recent years from brick-and-mortar buildings to online platforms and now to mobile devices. If customers are going to trust an organization, they need to be able to trust their primary interaction point. This means that trust must now be built into financial and fintech mobile apps.
Organizations must accept that the security perimeter has moved. It is no longer enough to protect just the back-end data centers. It is now critical to protect the interaction point – the apps themselves.
Striking a Balance Between Security and User Experience
Finance and Fintech are industries with a tricky balancing act to maintain. On one hand, organizations working in this space must maintain high security standards. However, it is also imperative that they offer slick and convenient customer experiences to satisfy their end users if they want to compete with the digital-first interlopers of big tech and start-ups alike.
Multi-Faceted Cyber Security Needs:
- Adherence to increasingly stringent requirements – from the New York SHIELD Act to GDPR and PSD2 regulations in Europe.
- Preventing fraud – As a finance or fintech company, you must “Know Your Customer” and be able to trust that their transactions are authorized.
- Keep financial and personal data safe – Money and data are a hacker’s main motivation, and the financial industry must secure a wealth of both.
Failure to maintain the security of any of the above will result in hefty fines from regulators. However, the loss of customer trust is arguably more damaging. When you talk to anyone in financial and fintech spaces, they will always tell you that their number one asset is customer trust.
Building Security to Maintain Trust
Trust and security are not the same—but they are heavily connected. Trust is a feeling, an emotion, that is nurtured over time by delivering what you promise. It is hard won, yet easily lost. For businesses in the financial and fintech spaces, one of the quickest ways to lose trust is through a security breach. Trust is maintained over time by keeping money and data safe.
5 Tactical Steps Any Developer Can Implement
- Check Out OWASP’s Mobile Top 10: Knowing the risks makes it easier to avoid pitfalls. OWASP (Open Web Application Security Project) is an online community of security specialists – including Verimatrix – that has created freely available learning materials, documentation and tools to help build secure web and mobile applications. Among other resources, it has compiled a list of the 10 most common threats to mobile applications.
- Make Security Everyone’s Responsibility: Don’t retrofit security; make it part of your organization from the beginning. It’s easier (and more helpful) to be proactive than reactive. If you build a “security as usual” culture from day one, you won’t have to worry about making difficult regulatory changes later. This makes it a low-level, non-disruptive activity rather than something forced upon the organization at a later date.
- Think Holistically: It’s easy to focus on the detail or to stay in your comfort zone. That doesn’t work when it comes to security – it is critical to consider the entire ecosystem. We’ve all heard the security cliché, “there is no use locking the door if you leave the window wide open”. Security isn’t just about your data center. The security perimeter is the whole ecosystem, which includes apps in the wild – we discussed this in our recent blog on API Abuse. The tactical way to approach this is to map the flow of sensitive data; it soon becomes apparent where the data is exposed.
- Perform a Security Assessment: Security isn’t something you have to do on your own. There are tools and companies that can help review your risk profile. This can be in the form of automated testing (e.g. services that can automatically scan an app and identify vulnerabilities) or deeper end-to-end reviews carried out by security labs. For a lot of financial work, these reviews are mandated by industry regulations. It makes sense to be proactive and get ahead of the requirements.
- Shield Your Application: Finally, you must build and maintain trust in the tool your customers use to interact with your services – which is your mobile app. This is achieved by protecting the app itself using a technology called App Shielding. Without this shielding, an app is vulnerable to exploitation by hackers – which will cause irreparable damage to hard-earned trust.
Proven App Protection for the Financial Industry
At Verimatrix, we believe in friendly security. That means empowering our customers to apply proven App Shielding without overly disrupting their development teams, release schedules, or workflows. With Verimatrix App Shielding, you can continue developing new, exciting, and trusted features for your customers.