Itransition Presents A Five-Step Guide To Mobile Banking Security | Security News – SecurityInformed

The growing mobile ownership rate, the emergence of more user-friendly banking apps, the tech-native younger generation, and, of late, the pandemic-induced shift to online, all create a fertile ground for mobile banking.
Unfortunately, the acceleration of banking app adoption today goes hand in hand with the increase of targeted security threats. In 2022, a month wouldn’t go by without a headline-making mobile banking attack or incident that resulted in stolen funds and sensitive personal information from thousands of users.
Nevertheless, a fair share of BFSI companies persist in treating security as an afterthought during and after mobile banking app development.
The 2021 State of Mobile Banking App Security report shows that 82% of enterprise executives consider mobile channels important. However, 39% of respondents did not run any vulnerability analysis or penetration tests on their mobile solutions.
In the turbulent threat landscape of today, neglecting your banking application’s security is a dead-end track that leads only to severe financial and reputational repercussions.
As banking software developers with long-standing experience in cybersecurity, we devised a five-step guide to help financial institutions build shell-proof mobile banking apps, keep them that way, and safeguard customers from mobile security troubles.
The safety of mobile banking is a subject of many regional and industrial standards, so companies traditionally design the security architecture of their apps around these guidelines and call it a day.
While regulatory compliance is vital, financial institutions often mistakenly bank on it alone and perform security-related activities late in the SDLC. As a result, there is a good chance pre-release quality assurance (QA) can discover deeply ingrained security flaws that will require fundamental corrections. What’s even worse, if the QA fails to do so, the app will be released with inherent vulnerabilities.
Threat modeling 
The best way to make an app safe by design is to integrate security testing into the development lifecycle. At the start of the project, the team needs to explore relevant external and internal threats and, drawing on the analysis, specify security requirements for the application alongside functional and performance ones.
At the design stage, it’s a great practice to perform threat modeling, as it allows developers to understand which elements of the app require protection most and what security controls will fit the purpose. Also, during the application development, engineers should not only implement security controls into the source code but also review it for bugs and flaws at each iteration. Thus, all vulnerabilities are rooted out immediately, before the app goes to production.
Access control is the foundation of security, and mobile banking is no exception. By equipping an app with a proper authentication mechanism, banks ensure that only the customer is allowed to view and manage their personal funds, while third parties, malicious and not, are kept out, thus eliminating the risk of unauthorized access.
Despite remaining a predominant user authentication method, passwords have long been showing their insufficiency in the modern threat landscape.
Two-factor or biometric authentication
Two-factor authentication, on the other hand, has many uses in the financial industry, and app user verification is one of them. Requiring two separate forms of identification, commonly a password and a single-use code sent via SMS, push notification, or email, is still a much more secure option than passwords alone.
Biometric identification is an authentication technology that gained traction only recently, but its efficiency propelled its adoption as a verification method in mobile apps across industries, with finance leading the way. Relying on physiological human characteristics, such as fingerprints, facial features, voice, or iris to identify a person, the technology is highly accurate and spoof-proof.
Financial institutions are no strangers to encryption. Most banks today leverage the virtually unbreakable 256-bit advanced encryption standard (AES) or equivalent methods to make customers’ personal and payment information inaccessible to unauthorized parties.
Needless to say, a mobile banking app should incorporate similarly robust encryption mechanisms to protect user data. It can be the customary AES, but it can also be another encryption technology that fits the app’s specifics better.
Transport Layer Security protocol
It is also important to secure the traffic between the app and the server, and the Transport Layer Security protocol (TLS) fits the bill here. Things can get more challenging if you plan on integrating your mobile app with wireless BLE and IoT technologies for proximity-based marketing, in-branch experience personalization, and wayfinding.
In this case, it’s necessary to bake in specialized encryption mechanisms for securing app-to-device communication and ward off man-in-the-middle attacks.
In recent years, due to the growth of malware targeting applications, bank customers were increasingly plagued with malicious software of all stripes. Of course, these days, there is strict oversight over financial cybercrime, and specialized law enforcement together with private-sector IT specialists usually take prompt measures to disarm emerging malware.
Nevertheless, considering the steadily growing adoption of mobile banking, malicious software targeted at new apps will continue surfacing monthly while the existing scripts will be upgraded to circumvent dedicated safeguards.
In-app protection
To be a step ahead of the attackers, financial institutions need to embrace a more comprehensive approach and consider bolstering source-code security controls with robust in-app protection features. Designed by cybersecurity tech companies, in-app protection is a set of tools that can be easily integrated into an application.
These solutions typically include mechanisms for security monitoring and for detecting malware, network connection manipulation, and external tampering, all of which vendors update on a regular basis. Thus, by relying on in-app protection, banks can efficiently shield their app from emerging attacks.
Regrettably, after the release, your mobile banking app’s security is not completely in your hands. Users’ poor choices can easily undo all the effort put into building the solution and keeping it impregnable.
Some can turn off biometric authentication if they see no point in it, while others can click on a phishing link because it is sent from a domain looking just like yours. Hence, it’s not enough to deliver a highly protected mobile banking solution; you should also teach users how to keep their app experience safe.
Security education 
First and foremost, banks need to educate their customers about good mobile banking security habits, from the importance of strong passwords and the benefits of two-factor or biometric authentication to the dangers of trusting third parties with app credentials and using public networks when conducting financial operations.
However, banks should present this information in a detailed but engaging way, for example through short posts or animated videos. Otherwise, there is a high chance customers will not bother to pay heed to it.
In recent years, mobile banking has burgeoned, but with this growth came a whole new set of threats that exploit apps’ inherent vulnerabilities, loose security controls, and customer unawareness, with the burden of warding them off falling on the apps’ owners.
The battle for mobile banking security is ongoing, and to win it, banks need to respect security basics while also remaining open and flexible regarding emerging security tech.
