The European Digital Identity Wallet (EUDIW) has the potential to serve as a comprehensive identity gateway, enabling individuals to manage their personal data and decide when and with whom to share it. A single digital ID can store personal credentials, including social, financial, medical, and professional data, as well as contacts and other information.
The adoption of cloud computing has altered the approach organizations take toward security. Rather than concentrating on securing the perimeter of a local database, a cloud-first landscape necessitates safeguarding the data itself.
Organizations responsible for the development of an EUDI wallet (or other apps with highly sensitive data), will be acutely aware of the importance of security throughout the entire digital wallet ecosystem. In addition, they will likely already have a skilled security function and have implemented industry-standard security policies and procedures.
However, implementing adequate proactive and reactive security measures to counter the threats to large-scale deployments of such sensitive mobile apps is a highly specialized field, especially when the mobile app is being executed on devices that cannot be managed. For this reason, organizations should strongly consider contracting with a mobile app security vendor.
Following its introduction in January 2018, the Open Banking regulation mandates UK banks to provide their data in a standardized format, facilitating third-party developers to create financial service applications and allowing for fast bank payments and settlements without intermediaries. The number of Open Banking users reached 1 million by November 2019, but despite the slower-than-anticipated growth of this new technology, recent usage figures and government commitment indicate that Open Banking may soon become more widely adopted.
Zero Trust security is a concept that has been discussed extensively. However, there are many different interpretations of what it means. Some consider it to be a platform, while others see it as a principle. The term has become so ubiquitous that it is often dismissed by those in the cybersecurity industry and referred to as a buzzword.
Itemizing the potential risks of the European Digital Identity (EUDl) Wallet scheme is a complex task that involves assessing the attack surface of the digital wallet app across various platforms, as well as the backend infrastructure, processes, and organizations involved. To provide support, the ENISA and OWASP mobile app guidelines offer useful resources for a secure development lifecycle of digital wallets, as outlined in this article.
We also introduce how Cryptomathic's Mobile App Security Core helps address the majority of the ENISA and OWASP security recommendations.
The recent U.S. Department of the Treasury report highlights potential benefits and challenges associated with a growing trend amongst financial sector firms who are adopting cloud services.
The European Digital Identity wallet (EUDI wallet) is proposed by the European Commission to provide a secure, safe and standardized digital identity for all EU citizens. It is based on the European Standard for Electronic Identification and Trust Services (eIDAS) and part of the proposed eIDAS 2.0 regulation. The EUDI wallet will be made available to its users as a mobile app that allows them to securely store and selectively share, locally or remotely, on request and under their sole control, identification data based on their national electronic IDs (eIDs), as well as other attestations of attributes such as digital travel credentials (ePassports), driver’s licenses, university diplomas, and also personal information including medical records or bank account details. The wallet should also allow them to access a variety of online services and sign documents with qualified electronic signatures and seals (QES).
With such valuable data stored on an app, the threats to the EUDI wallet will come from multiple diverse sources, all with varying motives. This article explores the threat landscape and considerations for protecting the digital wallet's sensitive data against threats.
Following a Recommendation by the European Commission, from the end of 2023 each EU Member State will gradually offer the European Digital Identity (EUDI) wallet to their citizens, residents, and businesses. This mobile-based wallet will serve to manage access to verified sensitive personal information and to identify and authenticate the wallet's owner when interacting with financial services, medical institutions, government agencies, and other third-party services. Due to the high value of information and authentication capabilities provided by EUDI wallets, they are highly attractive targets for threat actors. This article explores secure development strategies for an EUDI wallet app. While being specific to the EUDI wallet, the methodology is equally applicable to the development of any IT asset.
