For more than two decades, cybersecurity vendors have touted that proactive security measures serve as business enablers and not simply a cost center. Mobile app security is no different. Indeed, properly deployed mobile app security measures not only prevent disastrous breaches but can also literally save money. That’s never been more apparent than today – because it’s not common that one can point to specific, clear-cut security approaches that can help prevent scenarios where a financial institution must actually pay out compensation (or reimbursement) to customers falling victim to fraud.

Just a few days ago, New York filed a lawsuit that seeks to require both online and mobile banking customers be reimbursed by their institution when they fall victim to scams or hacks. The complaint centers around the Electronic Fund Transfer Act (EFTA) that requires financial institutions pay for any lost or stolen funds that were taken through unauthorized electronic transactions. It appears the state wants banking scams or hacks to be treated similarly to unauthorized credit and debit card transactions.

Inadequacies found in bank response to fraud.

One published report indicated that the NY attorney general’s office found inadequacies in how a large U.S. bank responded to red flags of fraudulent activities, including not effectively reacting to attackers using unrecognized devices, accessing accounts from new locations, or even when changing users’ banking credentials. This list of indicators or potential malicious activity parallels the list of capabilities offered through today’s mobile app security solutions such as Verimatrix XTD.

Not only is the lawsuit an eye opener for banks, but it’s a notable moment regarding potential upcoming compliance standards if the state ultimately prevails in their case. And in this case, the “compliance” element is not a check box technological deployment for banks, but rather, it’s instead an opportunity to proactively put in place the latest mobile app security technologies in order to not find themselves needing to comply with required compensation and reimbursements laws in the first place.

Real-time visibility enables detection and response to threats.

Properly protecting against mobile-based attacks not only requires passive protection but also needs telemetry and the overall real-time visibility into the actions taken on your app. With the right visibility, organizations can detect and respond to threats to their mobile apps and the devices that connect to their infrastructure. Otherwise, an organization is largely blind to what’s going on with its app. Verimatrix XTD offers:

  • Zero code: No extra development effort whatsoever 
  • Agentless: No agent is required on any devices
  • Instant monitoring of protected apps
  • Instant monitoring of connected devices accessing the apps


In the specific case of a financial institution’s app being involved in a scam, Verimatrix XTD’s runtime environment checks and DNS registry monitoring may also help protect against related phishing efforts. To request a Verimatrix XTD demo and see the solution in action, click here.