Mobile security in the B2C Market: Mobile App Protection and Fraud Prevention
Pedro Hernández
20th June 2019
Bangkok, Thailand
Service Providers have to take a Mobile First Approach to address the Consumers
There is a Diversity of Devices in the hands of the consumers and Service Providers have to tackle it
With Security breaches, there is no way back: Once the paste is out, it can’t be put back in
Options
The OEM ecosystem route
The WEB App route
The hardened App route
Neglecting “State-of-the-Art” technology in mobile apps
Example: Insufficient security in mobile apps in German banks and the automotive industry
Source: “On App-based Matrix Code Authentication in Online Banking”, 2016
https://securelist.com/analysis/publications/77576/mobile-apps-and-stealing-a-connected-car/
Lack of Binary Protections
• 97% of all apps tested lacked binary code protection: reverse engineering and decompilation are possible, exposing source code to analysis and tampering
Unintended Data Leakage
• 90% of the apps tested shared services with other applications on the device: data from the app is accessible to any other application on the device
Insecure Data Storage
• 83% of the apps tested insecurely stored data outside of the app's control, allowing shared access with other apps, and exposed a new attack surface via APIs
Weak Encryption
• 80% of the apps tested implemented weak encryption algorithms, allowing adversaries to decrypt sensitive data and manipulate or steal it as needed
Present day situation has not improved
Source: https://www.prnewswire.com/news-releases/analyst-report-financial-institutions-put-consumer-data-at-risk-by-failing-to-protect-mobile-apps-300822488.html
Build38 Security Wheel
[Figure: security wheel. Labels: Secure Storage; Key Protection Manager; Fast En- & Decrypt; HW-Backed Storage; Attestation; Emulator Detection; Debugger Detection; Jailbreak Detection iOS; Runtime Integrity; Rooting Detection Android; Secure Channel; API Protection; Key Management; Personalized App Security Management; T.A.K License Mgmt.; Analytics; Device Binding; File Protector; ID Protection; Bot Protection; App control (MAM); Insights; Android Re-packing; Anti-Cloning; Next future threat …; Real-time Trust Level]
Read what Gartner says about our solution! Market Guide for Application Shielding
Top reasons for working with an App Protection Provider
Provisioning
Mobile market conformity – app security w/o the overhead of an MDM / MAM
▪ Automated app life cycle management
▪ Per app/device basis: Steer application security and get insights
Speed
Meet timelines – time-to-market is crucial for success
▪ Fastest to integrate mobile application focused security SDK
▪ Designed with a developer mindset
▪ Developers' focus is on app development, while mobile app security is built-in
Budget
Meet budget
▪ No need to engage expensive and scarce security specialists
Compliance
Tick of security controls
▪ Meet regulatory or organizational compliance goals with one SDK
▪ Increase the security level of the mobile app on all Android and iOS devices
▪ Know what the apps are doing and react accordingly
The client and cloud framework allows real time risk and fraud prevention for real time decision making
[Diagram: Trusted Application Kit by Build38. Labels: T.A.K I/F; Fraud Mgmt.; Mobile App; Business Logic; T.A.K Client Library; Service Provider; T.A.K Cloud; Insights & Analytics; Build System; App Backend; Dashboard; Dev. & CI; API]
Faster than Anyone Else
Build, Test, Deploy
REST based API for integration into DevOps cycle for continuous integration
Knowledge is Power
Insights & Analytics
Information gain: know what your device base is doing. Fight threat and fraud early.
Trust is Essential
Control is better
Base your decision on an outside opinion, and not what the app tells you
Closer to the customer
Quick issue response
Multi-channel Service Mgmt.
Scale fast, easy setup
Automated Infrastructure
Infrastructure-as-Code (IaC, Terraform)
Overview of companies who trust our solution
3
Consortium of:
Authentication
Transit
Energy
Automotive
and more
Note: Not allowed to show all logos of customers
multi-million Apps already secured for large APAC energy retailer
THE ONE essential security solution for Mobile Apps and Assets
On the device | In your backend | For your SOC | Against Fraud
▪ Self defending App protects itself
▪ Platform agnostic
▪ Security for keys, data, and code
▪ Transparent usage for the customer
▪ Secure channels to unsecure devices
▪ Anti cloning for IDs
▪ API protection
▪ Personalisation per App (and user)
▪ Password less FIDO
▪ 3rd Factor security
▪ Mobile application management
▪ Threat detection
▪ Insights on trust levels and attacks
▪ Backchannel for the self defending App
▪ Real time monitoring
▪ Social engineering disabled by 3rd factor security
▪ Trust level KPIs
▪ Strong authentication
▪ GDPR compliance enablement
Your contact person for questions about our solution. We are looking forward to assessing your ecosystem with you
Pedro Hernández
Managing Director APAC and Co-Founder
+65 9003 5357
pedro.hernandez@build38.com
www.build38.com
www.linkedin.com/in/pedro-hernandez-pena/
Meet us:
Cybertech Asia | Bangkok | 19-20.06.2019
RSA APJ | Singapore | 16-18.07.2019
itsa | Nürnberg | 8.-10.10.2019
IOT Solutions World Congress | Barcelona | 29.-31.10.2019