Mobile applications are going beyond just a ‘view only’ banking channel to becoming the primary channel for many banks. This changes the paradigm of security for mobile banking applications. With insecure end point devices, a highly diverse ecosystem and a combination of a variety of technologies, mobile banking is set to become one of the highest risk channels for banks.
Banks/Payment service providers today need to look beyond just cookie-cutter testing of mobile banking applications. They should look at the possibilities which can be exploited by an attacker seeking to take advantage of an insecure operating system and uninformed users. The security approach should start with threat modelling, secure development life cycle and integrated testing of the applications. With mobile banking offering advanced features, this is the right time for banks to explore cross-channel fraud detection systems.
Licensed Commercial Banks, Licensed specialized Banks, Finance company, license operator of mobile phone based e-money system or any institution, all of which are operating or facilitating or providing payment services for mobile application
Guidelines are in effect from 18 January 2018
Being the leading mobile application security review and partnering firm for Financial Sector clients we would work with you to identify the gaps and develop plans to bring your mobile payment eco system to comply with the regulatory guideline
Technology Consulting Leader
Tel: +94 11 7719700 ext. 1001
Practice Head - Cyber Security
Tel: +94 11 7719700 ext.1601, +94 77 2315168