Financial services customers demand the same services they use in person and online on their mobile devices. Mobile banking and trading are the new killer apps, and firms compete to make their mobile user experience a more cost-efficient and user-friendly version of every account interaction traditionally conducted in a physical branch or on a personal computer.
As a financial services organization, you are ultimately responsible for protecting your customers from account fraud and theft on their mobile devices, and you face potential liability for any losses incurred via your mobile app. If your customers or employees run your banking apps, they can also become potential attack vectors. What is your position on mobile threat defense?
Gartner Predicts 2017: Endpoint and Mobile Security, Analyst(s): John Girard | Dionisio Zumerle | Brian Reed | Peter Firstbrook | Bart Willemsen, 16 November 2016
Financial services customers are no longer willing to wait in line. Whether they are looking up transactions, transferring funds or scanning and writing electronic checks, they expect services to be delivered on their smartphones and devices at almost instantaneous speeds. They also expect data and transactions to be completely private and secure, as assured by regulations such as GLBA in the US and other international laws.
According to a 2015 Javelin Research study, more than 50% of bank customers used a mobile app to access account information, while fewer than 31% implemented security software on their devices. While today’s smartphones and tablets do provide some degree of security, millions of devices with financial information make an appealing target for cyber thieves, creating challenges not fully addressed by traditional security methods.
Smartphone users frequently log onto Wi-Fi networks that may be untrusted when looking for internet access. This can allow a Man-in-the-Middle (MITM) attack to intercept messages and emails, or download sensitive account information passing between the user’s device and a banking app or site. Network attacks may even install malware to compromise a device or allow root-level control.
Unlike the well-secured desktop computers your employees use on the corporate network, the mobile devices that customers and associates use have different privacy requirements. Financial firms cannot legally maintain surveillance of a personal device if it potentially exposes customer account, credit (PCI) and transaction data. This makes security very difficult to assure and enforce. Basically, if a bank employee can see the data on a customer’s phone, so could hackers.
The proliferation of devices and banking apps running outside secure corporate networks creates a high-value attack surface for hackers and unknown threats. Since smartphone users self-administer their devices, they may be running your app on an outdated OS or may already be using compromised devices. A smartphone that interacts with your app, data and network can be compromised and used to steal valuable customer or company data, thereby damaging your brand.
Zimperium offers financial services firms and their customers the most complete Mobile Threat Detection solution for automatically detecting, reporting and remediating today’s -- and tomorrow’s -- advanced mobile threats.
Our zIPS™ app provides continuous self-service mobile threat detection and defense for Android, iOS and Windows mobile devices against network-based (or MITM) attacks, rogue application installs and OS vulnerabilities. Users are immediately alerted to threats and can resolve them and have forensics sent to the security team. Our patented machine-learning detection technology and custom mobile security research guard against new and evolving threats to financial services firms, employees and customers.
Our z9™ engine automatically detects and remediates issues on-device rather than requiring an Internet connection, admin privileges or tunneling to a cloud service. This approach keeps private user account data secure on the device without impacting performance. Threats at the device, network, and app level are communicated to your InfoSec team for responsive issue resolution and compliance without compromising privacy regulations.
Embed cyber security into your banking apps with Zimperium’s zIAP™ (In-App Protection) solution. This innovative SDK is completely configurable by developers to detect and remediate threats to a device, including detection of suspicious user behaviors, network attacks and interference from other apps. Self-protecting apps equipped with zIAP™ can take immediate action according to the policies set by the app publisher or developer. Enable your app to report fraudulent activity, shut down a user session, run in read-only mode, delete cache or force a password reset to protect data when threats are detected.