Mobile Security Guide

Your Guide to Mobile Threat Defense Featuring Gartner’s Market Guide for Mobile Threat Defense Solutions

Zimperium for banking and financial services

Mobile Threat Defense for banking and financial services

Overview

Financial services customers demand the same services they use in person and online on their mobile devices. Mobile banking and trading are the new killer apps, and firms compete to make their mobile user experience a more cost-efficient and user-friendly version of every account interaction traditionally conducted in a physical branch or on a personal computer.

As a financial services organization, you are ultimately responsible for protecting your customers from account fraud and theft on their mobile devices, and potential liability for any losses incurred via your mobile app. If your customers or employees run your banking apps, they can also become potential attack vectors. What is your position on mobile threat defense?

Mobile Malware
“Mobile malware has not been an issue in the eyes of enterprises so far. However, mobile attacks (Pegasus, XcodeGhost) and vulnerabilities (Stagefright, Heartbleed) are increasing in terms of both number and pragmatism. Enterprises are now looking for solutions that can enhance their mobile security posture. Mobile threat defense (MTD) solutions combine signature-based checks with behavioral anomaly detection on the device, network and app layer.”

Gartner Predicts 2017: Endpoint and Mobile Security, Analyst(s): John Girard | Dionisio Zumerle | Brian Reed | Peter Firstbrook | Bart Willemsen, 16 November 2016

Challenges

Financial services customers are no longer willing to wait in line. Whether they are looking up transactions, transferring funds or scanning and writing electronic checks, they expect services to be delivered on their smartphones and devices at almost instantaneous speeds. They also expect data and transactions to be completely private and secure, as assured by regulations such as GLBA in the US and other international laws.

According to a 2015 Javelin Research study, more than 50% of bank customers used a mobile app to access account information, while less than 31% implemented security software on their devices. While today’s smartphones and tablets do provide some degree of security, millions of devices with financial information make an appealing target for cyber thieves, creating challenges not fully addressed by traditional security methods.

Network attacks

Smartphone users frequently log onto Wi-Fi networks that may be untrusted when looking for internet access. This can allow a Man-in-the-Middle (MITM) attack to intercept messages and emails, or download sensitive account information passing between the user’s device and a banking app or site. Network attacks may even install malware to compromise a device or allow root-level control.

Privacy vs. Security

Unlike the well-secured desktop computers your employees use on the corporate network, mobile devices customers and associates use have different privacy requirements. Financial firms cannot legally maintain surveillance of a personal device if it potentially exposes customer account, credit (PCI) and transaction data. This makes security very difficult to assure and enforce. Basically, if a bank employee can see the data on a customer’s phone, so could hackers.

Application and Malware threats

The proliferation of devices and banking apps running outside secure corporate networks creates a high-value attack surface for hackers and unknown threats. Since smartphone users self-administer their devices, they may be running your app on outdated OS or are already using compromised devices. A smartphone that interacts with your app, data and network can be compromised and used to steal valuable customer or company data therefore damaging your brand.


Solution

Zimperium offers financial services firms and their customers the most complete Mobile Threat Detection solution for automatically detecting, reporting and remediating today’s -- and tomorrow’s -- advanced mobile threats.

Detection and prevention

Our zIPS™ app provides continuous self-service mobile threat detection and defense for Android, iOS and Windows mobile devices against network-based (or MITM) attacks, rogue application installs and OS vulnerabilities. Users are immediately alerted to threats and can resolve them and have forensics sent to the security team. Our patented machine-learning detection technology and custom mobile security research guards against new and evolving threats to financial services firms, employees and customers.

Secure, on-device engine

Our z9™ engine automatically detects and remediates issues on-device rather than requiring an Internet connection, admin privileges or tunneling to a cloud service. This approach keeps private user account data secure on the device without impacting performance. Threats at the device, network, and app level are communicated to your InfoSec team for responsive issue resolution and compliance without compromising privacy regulations.

In-App Threat Protection

Embed cyber security into your banking apps with Zimperium’s zIAP™ (In-App Protection) solution. This innovative SDK is completely configurable by developers to detect and remediate threats to a device, including detection of suspicious user behaviors, network attacks and interference from other apps. Self-protecting apps equipped with zIAP™ can take immediate action according to the policies set by the app publisher or developer. Enable your app to report fraudulent activity, shut down a user session, run in read-only mode, delete cache or force a password reset to protect data when threats are detected.

Start Enterprise Trial
Start a Trial

Contact us today to enable cybersecurity on your mobile devices and protect against device, network, and application attacks!

Start a Free Trial
Get the Report
Get the Report

Download “Your Enterprise is Most Vulnerable via Mobile Devices” featuring research from Gartner

Download Research
Play video
Watch Now

zIAP embeds the z9 engine, the heart of the zIPS app, inside mobile applications.

Watch Now