As financial institutions capitalize on new opportunities by providing online services, they continuously face security breaches. Let's find out how a bank achieved a 50% reduction in security issues in its subsequent mobile applications, and how these mobile applications were benchmarked against global and RBI security standards.
In recent years, mobile device adoption has become a necessity for every industry. People can easily make purchases online, check their email, and carry out online transactions on the go. One of the biggest drivers of change in the financial sector has been advances in technology, with many banks capitalizing on new opportunities by providing online services such as mobile banking.
A recent study discovered that 90% of mobile banking applications have serious security problems that could potentially compromise user data. Along the same lines, following a breach of one of its mobile applications, a financial institution turned to Paladion to ensure that all future applications were tested, compliant and, above all, secure for its customers. The bank had identified that its mobile banking application had suffered a major security breach, which put many of its customers at risk of exposing or losing their banking data.
After a lot of research, the bank chose to work with Paladion because of its experience in cyber security and risk management. To make sure the applications were safe for customers' use, they decided to check the interface of both apps using a threat-based approach to systematically highlight possible security weaknesses. Going forward, another major challenge was to devise a meticulous plan, in a short time, to rectify and remove possible security threats from both apps while complying with RBI and OWASP standards.
“We needed to consider various elements for the bank's upcoming mobile applications like: a short go-to-market timeline, the ability to cater to all types of mobile operating systems (Android, Windows, and iOS), concern over the security posture of mobile applications, and the need to work for multiple vendors,” says Rajat Mohanty, CEO & Co-Founder, Paladion Networks.
Paladion's Mobile Application Security Testing Program included code review, mobile application penetration testing, web application penetration testing, and security configuration audit, among other features. It also ensured that the client builds more robust mobile apps based on an improved threat-elimination approach that identifies potential risks.
In order to provide a solution, the provider needed to take a number of elements into consideration for the bank's new and future mobile applications, such as: a short go-to-market timeline; mobile business applications needing to cater to all types of mobile platforms (Android, iOS, and Blackberry); the applications needing to work for multiple business owners and multiple vendors; and concern over the security posture of mobile applications.
The solution provider has a unique strategy. Its structured testing methodology ensures that vulnerabilities in applications are identified and removed. It deployed a team of security testing experts at the bank's head office, which included trained professionals, and an off-site team of researchers who provided the required support at every step. The bank was given customized solutions for different applications, along with a security testing plan, to achieve maximum security assurance.
Awareness sessions were conducted and continuous communication was maintained with the development teams to help eradicate security issues with a quick turnaround time and remediation validation.
After the previous security breach, the bank has taken extreme precautions and is now securing its applications with thorough security checks and greater awareness to avoid future incidents. It is also considering a periodic testing system, which would continuously ensure the security of its mobile apps.
In the course of rectifying the security problems, several high-risk vulnerabilities across different mobile applications were discovered. Of those, up to 60% of the risks were identified and repaired within a span of two months.
The reduction in go-to-market time resulted in fifteen secure mobile applications being released in the first quarter alone. All mobile applications were benchmarked against global security standards as well as RBI standards, and up to a 50% reduction in security problems was seen in the successive mobile applications that were launched.
Author – Ruchika Goel
Source – DataQuest