Martin Rupp (guest)

ANSI X9.24-1-2017: The General Key Management Requirements

The ANSI X9.24-1-2017 norm details how symmetric cryptographic keys should be managed and handled by the relevant actors of the retail financial services companies. Here we outline the general techniques and methodologies that are required or suggested by the standard.

Read more

Application Hardening for Mobile Banking Apps: Root and Jailbreak Detection

Unlike other operating systems like Windows, Linux, or OSX, both Android and iOS operating systems are usually shipped with built-in user rights restrictions. The process of removing such restrictions, which is not supported by either Google or Apple, is named rooting and jailbreaking, respectively for Android and iOS.

Read more

Protecting Banking Apps Against Malware Threats

Here we explain why additional security mechanisms, beyond the mobile OS security features, are needed to protect mobile banking applications from malware and related threats.

Read more

General Concepts of Application Hardening for Mobile Banking Apps

Application hardening for mobile apps refers to implementing security measures to protect apps against reverse-engineering or tampering. In this article, we look at the importance of application hardening for mobile banking applications and explore some of the techniques that can be used to shield an app against such attacks.

Read more

ANSI X9.24-1-2017: Understanding the Card Payment Environment and the use of Symmetric Keys

The standard, ANSI X9.24-1-2017 part 1 has been written to provide minimum symmetric key management requirements and guidelines for the retail financial industry and actors involved in processing card payments.

Read more

Overview of Defense Mechanisms for Mobile Banking Apps

As the use of mobile phones for mobile banking and payment applications increases, corresponding security threats are increasing as well. The majority of smart phones use only two operating systems (Android and iOS) and, therefore, they represent prey of choice for criminal groups and malevolent hackers. 

In this article, we will explain some of the defense mechanisms and security techniques involved with protecting mobile banking applications.

Read more

An Introduction into ANSI X9.24-1-2017 part 1

ANSI X9.24-1-2017 part 1 is a standard that deals with symmetric key management techniques for retail financial services.

Read more

How Tokenization May Reduce False Declines

This article discusses how tokenization may reduce false declines with credit card transactions that could negatively impact merchants.

Read more

NIST & FIPS Considerations for EMV Tokenization

In this article, we will review some of the constraints of an EMV tokenization solution when it comes to FIPS and more generally, NIST considerations.

Read more