The European Digital Identity Wallet as a Means of Authentication

As part of the eIDAS 2.0 proposal, the European Commission promotes the European Digital Identity Wallet (EUDI Wallet) as an app that enables citizens and residents all over the EU to identify and authenticate themselves. EUDI Wallet users should also be able to store and selectively disclose, locally and remotely, digital travel credentials (ePassports), driver’s licenses, university diplomas, as well as personal information including medical records or bank account details. The wallet should also allow its users to access a variety of online services, and sign documents with qualified electronic signatures and seals (QES). The scope of this wallet app is described in some detail in The Common Union Toolbox for a Coordinated Approach Towards a European Digital Identity Framework, and a reference implementation is expected for September 2023.

Selecting a Mobile App Security Solution for the EUDI Wallet

Organizations responsible for the development of an EUDI wallet (or other apps with highly sensitive data) will be acutely aware of the importance of security throughout the entire digital wallet ecosystem. In addition, they will likely already have a skilled security function and have implemented industry-standard security policies and procedures.

However, implementing adequate proactive and reactive security measures to counter the threats to large-scale deployments of such sensitive mobile apps is a highly specialized field, especially when the mobile app is being executed on devices that cannot be managed. For this reason, organizations should strongly consider contracting with a mobile app security vendor.

Protecting the European Digital Identity Wallet

The European Commission promotes the European Digital Identity wallet (EUDI wallet) as part of its effort to digitize the economy and help foster trust services. In practice, this means that from the end of 2023 each EU Member State will gradually offer a mobile-based wallet to its citizens, residents and businesses to identify and authenticate online. Here we look at the scope of the EUDI wallet and some of the security challenges for the app.

Protecting Banking Apps Against Malware Threats

Here we explain why additional security mechanisms, beyond the mobile OS security features, are needed to protect mobile banking applications from malware and related threats.

Overview of Defense Mechanisms for Mobile Banking Apps

As the use of mobile phones for mobile banking and payment applications increases, the corresponding security threats are increasing as well. The majority of smartphones use only two operating systems (Android and iOS) and, therefore, they represent prey of choice for criminal groups and malevolent hackers.

In this article, we will explain some of the defense mechanisms and security techniques involved with protecting mobile banking applications.

Secure Connectivity for Mobile Banking and Payment Apps: Strong Authentication

Here we provide a short overview of why strong authentication is needed to secure mobile banking and payment applications.

Integrating PSD2 and eIDAS

With the introduction of PSD2, banks are forced to provide third-party payment service providers (PSPs) with access to the bank’s customers’ account information for account servicing and payment initiation services, but only where the user has granted access to these third-party players. This article explores a technical solution that leverages eIDAS to address the PSD2 requirements.

Secure Hardening for Mobile Banking Apps: Data Obfuscation

When developing an application for mobile banking, application hardening using code obfuscation is one possible way of protecting sensitive data. However, this may not be an acceptable solution in many scenarios, for example when the data to protect must be (partially) displayed, linked to other accounts or other data, or sent to a remote network. The general solution to this problem is data obfuscation.

App Hardening for Mobile Banking and Payment Apps: Emulator Detection

Attacks on mobile banking and payment applications frequently begin with the use of an emulator for the mobile operating system, where the targeted application is run and analysed.