By Jodi Wadhwa, Vice President Marketing at Arxan Technologies
Today, smartphones and other smart devices are gaining popularity, with many consumers now preferring to conduct their financial transactions on the go. This can include anything from remote deposits, balance inquiries and easy money transfers to mobile peer-to-peer transactions, digital wallet transactions, mCommerce, or mobile payments. In fact, analyst house Gartner forecasted that the volume of mobile payment transactions worldwide will be at £140 billion this year and will grow to £429 billion by 2017, so it is easy to understand why hackers would target this lucrative sector.
However, as mobile banking advances, unfortunately so does cyber criminal activity. Hackers come up with new ways every day to break into smart devices and steal sensitive information for their own financial gain. According to the June 2014 McAfee Labs Threat Report, new mobile malware (short for malicious software) has increased for five straight quarters, with a total mobile malware growth of 167% in the past year alone.
It is clear that the ever-increasing adoption rate for mobile financial transactions, coupled with cyber criminals making it a target, makes digital banking and payment protection more of a necessity than ever. Banks are under immense pressure to keep their mobile banking apps safe and up to date, and in order to stay one step ahead of cyber criminals, mobile app developers must deploy critical code – such as jailbreak/root detection, security certificates, sensitive intellectual property, etc. – into “the wild,” to reside in distributed and untrustworthy environments for digital banking or payment apps. Many are doing so without application protection.
Malicious mobile apps
We recently conducted research into the top 100 paid Android and iOS apps, the top free apps on these operating systems, as well as the most used financial services and banking applications. The analysis revealed there is widespread and unfettered hacking of mobile applications on both Android and iOS, with financial apps proving a particularly attractive target for hackers.
As part of Arxan’s research, we specifically focused on the 40 most popular financial apps to analyse and understand how pervasive application hacking is. The findings revealed that these apps are deeply insecure. Financial applications are an attractive target for attackers, given the high value associated with the data that they contain. Over half (53%) of Android apps had hacked or cracked versions that were available for download, with 23% on iOS.
As malware is a form of unauthorised code modification or tampering, hackers use specialised tools to target the mobile banking application itself and attack sensitive areas within the application code. They completely reverse-engineer the app back to the original source code and plant their malicious code, and before you can say “HEY PRESTO” the app has been repackaged and redistributed onto the app stores – now with embedded malware and unbeknownst not only to the app creators, but also to users downloading the “new” (and not improved!) app.
Financial services app owners also will commonly deploy their products on multiple platforms to ensure their mobile services reach the majority of their total customer base. These high-risk apps, especially with regards to mobile banking and payment applications, require a much more diligent effort in order to protect the overall application from hacking and malware threats. In addition to the potential financial losses, a compromised payment app can have a major impact on consumer loyalty and confidence, and can ultimately have an impact on the share value of these companies.
Infected mobile banking apps
Unfortunately, it is safe to assume that there are already numerous cases of infected apps on countless devices, while a large-scale advanced mobile malware attack is lying in wait somewhere, waiting to be activated. Given the enormous potential for affecting banking or payment transactions on millions of devices, business-to-consumer applications are undergoing standardisation on application hardening with run-time protection practices before they are deployed.
With that in mind, our research also revealed that critical exposures in the application’s code can facilitate code tampering or malware attacks. From customised Mobile App Assessments of financial services apps, we found binary risks to the tune of 100% for authentication exposure, 50% of apps had jailbreak detection code and crypto exposure, and 50% had payment exposure. None of the apps were yet deployed with application hardening protection.
Further, “rich apps” provide more functionality and user experience and hence these apps need to access sensitive data, include access policies for privileged users or enable the processing of valuable transactions. For example, in some banking applications there is jail-break detection, which provides a critical decision point that would prevent users from proceeding with certain high value transactions of the application on a device that has been compromised. However, once an attacker has been able to leverage hacker tools to analyse and reverse engineer the app to locate the jail-break detection code in source code, no matter how sophisticated its logic may be, it can usually be defeated by changing a few bytes in the code.
Ultimately, financial organisations bear the onus of protecting their assets, users and sensitive data against fraud, privacy and financial loss. As the proliferation of mobile devices continues and more financial services are available through dedicated applications, there is an increasing need for mobile application security to be considered and implemented in the development process. This protection is needed to secure the application at rest and at runtime. Many organisations rush to get apps into the hands of consumers, and upgrade them to offer the new functionalities and other content driven by consumer demand. The unfortunate side-effect of this is that security often becomes an afterthought.
Developers need to start implementing “application hardening” techniques at the beginning of the app building process. Security processes need to be inserted within the app that will yield self-aware, self-defending and tamper-resistant applications, so that the application is highly resilient against hacker attacks and is independently capable of detecting whether its own state has been compromised and of taking remedial actions as needed. Basically, security innovation must be kept in step with the innovation in mobile financial services.
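The jail-break detection decision point and the "self-aware" application described above can be illustrated with a small self-check. This is an added example, not code from the article or from Arxan: the byte array, the function names and the use of FNV-1a as the checksum are assumptions made for the illustration. It refuses a high-value transaction when the guarded bytes no longer match the baseline recorded at build time.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed stand-in for the bytes of a guarded routine (not real code). */
static const uint8_t PRISTINE_REGION[] = {
    0x10, 0x22, 0x34, 0x46, 0x58, 0x6a, 0x7c, 0x8e,
    0x90, 0xa2, 0xb4, 0xc6, 0xd8, 0xea, 0xfc, 0x0e
};

/* FNV-1a 64-bit: a non-cryptographic checksum, chosen only to keep the
   example short; a shipped guard would use a cryptographic hash. */
uint64_t fnv1a64(const uint8_t *p, size_t n) {
    uint64_t h = 0xcbf29ce484222325ULL;      /* FNV offset basis */
    for (size_t i = 0; i < n; i++) {
        h ^= p[i];
        h *= 0x100000001b3ULL;               /* FNV prime */
    }
    return h;
}

/* Returns 1 if the region still matches the digest recorded at build time. */
int region_intact(const uint8_t *region, size_t n, uint64_t expected) {
    return fnv1a64(region, n) == expected;
}

/* Decision point: refuse when the guarded bytes were modified, even if the
   compromise flag itself reports a clean device. */
int allow_high_value_txn(int device_compromised, const uint8_t *region,
                         size_t n, uint64_t expected) {
    if (!region_intact(region, n, expected)) return 0; /* remedial action */
    return !device_compromised;
}

/* Demo helper: decision after a single byte of a copy has been altered. */
int decision_after_one_byte_change(size_t offset) {
    uint8_t copy[sizeof PRISTINE_REGION];
    uint64_t baseline = fnv1a64(PRISTINE_REGION, sizeof PRISTINE_REGION);
    memcpy(copy, PRISTINE_REGION, sizeof copy);
    copy[offset % sizeof copy] ^= 0x01;
    return allow_high_value_txn(0, copy, sizeof copy, baseline);
}

int main(void) {
    uint64_t b = fnv1a64(PRISTINE_REGION, sizeof PRISTINE_REGION);
    printf("pristine: %d\n", allow_high_value_txn(0, PRISTINE_REGION, sizeof PRISTINE_REGION, b));
    printf("one byte changed: %d\n", decision_after_one_byte_change(3));
    return 0;
}
```

A single guard like this is itself one more decision point in the binary, which is why the hardening the article describes is applied in layers rather than as one check.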
Citigroup considering divestiture of some foreign consumer units – Bloomberg Law
(Reuters) – Citigroup Inc is considering divesting some international consumer units, Bloomberg Law reported on Friday, citing people familiar with the matter.
The discussions are around divesting units across retail banking in the Asia-Pacific region, the report https://bit.ly/3pD57WP said.
“As our incoming CEO Jane Fraser said in January, we are undertaking a dispassionate and thorough review of our strategy,” a Citigroup spokesperson told Reuters.
“Many different options are being considered and we will take the right amount of time before making any decisions.”
The move, part of Fraser’s attempt to simplify the bank, can see units in South Korea, Thailand, the Philippines and Australia being divested, the Bloomberg report said.
However, no decision has been made, according to the report.
Revenue from Citi’s consumer banking business in Asia declined 15% to $1.55 billion in the fourth quarter of 2020.
The divestitures could be spaced out over time or the bank could end up keeping all of its existing units, the Bloomberg report said.
The firm is also reviewing consumer operations in Mexico, though a sale there is less likely, the report said, citing one of the people.
Last month, New York-based Citigroup beat profit estimates but issued a gloomy forecast for expenses. Finance head Mark Mason said the lender’s expenses could rise in 2021 in the range of 2% to 3%, weighing on its operating margins. (https://reut.rs/2ZwXRB1)
(Reporting by Niket Nishant in Bengaluru; Editing by Maju Samuel)
European shares end higher on strong earnings, positive data
By Sagarika Jaisinghani and Ambar Warrick
(Reuters) – Euro zone shares rose on Friday, marking a third week of gains, as data showed factory activity in February jumped to a three-year high, while upbeat quarterly earnings boosted confidence in a broader economic recovery.
The euro zone index was up 0.9%, with strong earnings from companies such as Acciona and Hermes brewing some optimism over an eventual economic recovery.
The pan-European STOXX 600 index rose 0.5%, as regional factory activity was seen reaching a three-year high on strong demand for manufactured goods at home and overseas.
Another reading showed the euro zone’s current account surplus widened in December on a rise in trade surplus and a narrower deficit in secondary income.
Still, the STOXX 600 marked small gains for the week, having dropped for the past three sessions as investor concern grew over rising inflation and a rocky COVID-19 vaccine rollout.
But basic resources stocks outpaced their peers this week with a 7% jump, as improving industrial activity across the globe drove up commodity prices.
“This week’s slightly adverse price action has all the hallmarks of a loss of momentum temporarily and not a structural turn,” said Jeffrey Halley, senior market analyst at OANDA.
“There is not a major central bank in the world thinking about taking their foot off the monetary spigot, except perhaps China. (Markets) will remain awash in zero percent central bank money through all of 2021 (and) a lot of that will head to the equity market.”
Minutes of the European Central Bank’s January meeting, released on Thursday, showed policymakers expressed fresh concerns over the euro’s strength but appeared relaxed over the recent rise in government bond yields.
The bank’s relaxed stance was justified by the euro zone economy requiring continued monetary and fiscal support, as evidenced by a contraction in the bloc’s dominant services industry in February.
The STOXX 600 has rebounded more than 50% since crashing to multi-year lows in March 2020, with hopes of a global economic rebound this year sparking demand for sectors such as energy, mining, banks and industrial goods.
London’s FTSE 100 lagged regional bourses on Friday due to a slump in January retail sales and as the pound jumped to its highest against the dollar in nearly three years.
French carmaker Renault tumbled more than 4% after posting a record annual loss of 8 billion euros ($9.68 billion), while food group Danone and German insurer Allianz rose following upbeat trading forecasts.
(Reporting by Sagarika Jaisinghani in Bengaluru; Editing by Sriraj Kalluvila and Shailesh Kuber)
ECB plans closer scrutiny of bank boards
FRANKFURT (Reuters) – The European Central Bank plans to increase scrutiny of bank board directors and will look more closely at diversity within management bodies, ECB supervisor Edouard Fernandez-Bollo said on Friday.
The ECB already examines the suitability of board candidates in a so-called fit and proper assessment, but rules across the 19 euro zone members vary, so the quality of these checks can be inconsistent.
The ECB plans to ask banks to undertake a suitability assessment before making appointments, and they will put greater emphasis on the candidates’ previous positions and the bank’s specific needs, Fernandez-Bollo said in a speech.
The supervisor also plans more detailed rules on how it will reassess board members once new information emerges, particularly in case of breaches related to anti-money laundering and financing of terrorism, Fernandez-Bollo added.
Fernandez-Bollo did not talk about enforcing diversity quotas, but he argued that diversity, including diversity in gender, backgrounds and experiences, improves efficiency and was thus crucial.
“Supervisors will consider furthermore all of the diversity-related aspects that are most relevant to enhancing the individual and collective leadership of boards,” he said.
“Diversity within a management body is therefore crucial … there is a lot of room for improvement in this area in European banks,” he said.
(Reporting by Balazs Koranyi, editing by Larry King)