Following the revised Payment Service Directive (PSD2), banks in the EEA are required to enable their customers (users) to grant third-party providers (TPPs) access to
As of 1st July 2016, the first phase of the EU’s new regulation on electronic identification (eIDAS) will become enforceable. But amid all the confusion about its implications among both EU banking executives and their security experts, Guillaume Forget, Director of Product Management at Cryptomathic, explores why banks still have a lot to be excited about.
This article describes, from a CISO perspective, how to manage and protect security assets in large organisations, i.e. the cryptographic keys, and suggests adequate procedures and systems.
The Heartbleed security vulnerability, publicised in March 2014, received an abundance of media attention as it exposed over 1 million web servers worldwide relying on OpenSSL version 1.0.1. The bug was corrected shortly after the leak with the release of OpenSSL v1.0.1g on April 7th 2014. However, estimates suggest that around 2/3 of organisations with public-facing systems are still vulnerable to the attack.
We are constantly reminded by news stories how complex it can be to secure mobile banking and payments apps. A recent study has found that 11% of Android banking apps are suspicious, which is enough to frighten many banking app service
...continued from Part 1
The threat model
Malicious mobile device hackers have a variety of goals. Foremost is monetary gain, but retribution, anarchy, curiosity and perceived public good can all be part of the motivation. The attackers can be grouped by resource levels and goals, as illustrated in Table 1.
Table 1: An example of how mobile security attackers can be categorised by resources and goals.
Understanding the motivation of a hacker highlights that a good mobile security strategy must defend not only against specific mobile threats, but also against more generic threats such as reputational or ethical attacks.
With mobile devices being used for more credentialing-based activities, the question of mobile security is becoming increasingly important. The mobile security landscape, however, is still immature, so how can service providers successfully deliver secure mobile services today?
Under pressure from sophisticated attacks and rising fraud, many B2C organisations in the financial industry are currently upgrading the static password-based authentication of their web applications to something stronger: the 2FA age. 2-Factor Authentication (2FA) is currently achieving large-scale deployments and consumer adoption where PKI failed a few years ago.
From a technical standpoint, PKI offers significant benefits including the possibility to sign tran