Mobile payments: protecting applications as mobile threat evolves

Mobile payments: protecting applications as mobile threat evolves

Tom Lysemose Hansen, Founder and CTO, Promon

As smartphone and tablet usage becomes ever more commonplace in our increasingly mobile world, more and more people are choosing to use their mobile devices to pay for products and services. While a highly convenient and, on the whole, secure way to make purchases, it’s not without its risks.

Inevitably, increasing mobile usage has led to a growing number of cybercriminals seeing the popular mobile channel as a lucrative opportunity to make a quick buck. With dangerous threats such as MazarBOT, XcodeGhost and Acecard just a few recent examples, it’s clear that businesses need to be prepared to protect their apps.

Where do the vulnerabilities lie?

Hackers are constantly devising new ways to attack mobile payments, so it is crucial to always stay on top of which part of the mobile payment process they are targeting. However, there are three critical attack points that organisations should be aware of in the first instance:

  • Application risks: this involves cybercriminals exploiting weaknesses in the mobile payment app itself, and can include insecure app coding practices, app hacking or reverse engineering, and the theft of cryptographic keys
  • Device risks: this is when hackers look to capitalise on vulnerabilities in the user’s device, such as through attacking rooted or jailbroken devices or outdated OS security, or by installing malware
  • Session risks: this involves would-be thieves taking advantage of insecure internet connections, employing SMS forwarding techniques or taking over a user’s mobile account

What techniques do hackers use?

Broadly, cybercriminals employ four key techniques to help them break into an app and steal valuable customer data. These include:

  • Searching for security vulnerabilities through static and dynamic analysis of an app
  • Attempting to hack applications by introducing malicious code during runtime of an app
  • Deploying dangerous malware that is capable of stealing customer credentials
  • Eavesdropping on apps on unsecure devices, such as rooted or jailbroken smartphones, to capture personal details through keylogging or screenshot procedures

How to protect your apps

Fortunately, the ways of combating this growing breed of cybercriminals are evolving in a similar manner to the threats themselves. Below, we have listed what we recommend as the key methods of making mobile payment apps secure from external attacks.

App hardening, such as that offered by Promon SHIELDTM, involves inserting code into an app which makes it self-defending. This approach is a hugely effective one, as it means that regardless of any security vulnerabilities in a user’s device or internet connection, the app itself is able to fight off any external intrusions. This also reduces the need for holistic static and dynamic testing of apps.

Creating a secure software keychain inside your app. In most circumstances, software keychains are provided by the OS of the smartphone or mobile device. However, organisations should realise that it’s now possible to implement a software keychain inside the application itself, which enables a higher level of security by ensuring the all-important cryptographic key remains inside the app itself.

Encourage best practice amongst users. As mobile users tend to be technology-savvy, encouraging them to be as careful as possible in how they use their mobile apps is also essential. Some recommendations include:

  • Only download mobile apps from official app stores
  • Ensure that phone settings do not allow for the download and installation of unapproved apps
  • Ensure that transactions are secure when using mobile apps, by making sure that banks, retailers and credit card providers have safeguarded their apps against external threats
  • Avoid mobile payments over unsecured public Wi-Fi connections

[su_button url=”https://promon.co/” target=”blank” style=”flat” background=”#df2027″ color=”#ffffff” size=”10″ radius=”0″ icon=”icon: arrow-circle-right”]For more information on Promon click here[/su_button]

About Security Buyer

Security Buyer is the leading authority in global security content, delivering expert news, in-depth articles, exclusive interviews, and industry insights across print, digital, and event platforms. Published 10 times a year, the magazine is a trusted resource for professionals seeking updates and analysis on the latest developments in the security sector.

To submit an article, or for sponsorship opportunities, please contact our team below.

Rebecca Spayne picture 2025

Rebecca Spayne

Managing
EDITOR

Georgina Turner image

Georgina Turner

Sales
Manager

Afua Akoto image - Security Buyer

Afua Akoto

Marketing Manager

Read the Latest Issue

Follow us on X

Follow us on X

Click Here

Follow us on LinkedIn

Follow us on LinkedIn

Click Here

Advertise here

Reach decision makers and amplify your marketing

Advertise here

Click Here

Related News

ASSA ABLOY Opening Solutions

Digitalising access and optimising workflows

Digitalization is high on the agenda, or well under-way, in all kinds of commercial environments. As part of this process…
TDSi

TDSi Launches UK GARDiS Installer Training

Integrated Access Control and Security manufacturer TDSi announces that it is offering a free Training Kit to individuals taking part…
OneLink

Product Spotlight – Gallagher’s OneLink

Gallagher Security presents, OneLink – the product that is elevating remote security through the power of the cloud 
Stephen Tickle

Comelit-PAC Appoints Stephen Tickle as Regional Sales Manager

Comelit-PAC has appointed Stephen Tickle as its new Regional Sales Manager.  Stephen will focus on supporting PAC’s access control…
Doorbird Carousel

Product Spotlight – Door Communication for the “Neue Wallufer”

 A customised solution case study for a residential complex is presented by DoorBird and CompuNet Systems GmbH 
suprema

Suprema Achieves EN 60839 Certification

Suprema, a global provider of AI-powered access control and security solutions, has achieved EN 60839-11-1:2013 Grade 3 certification
Gallagher

Gallagher Security cultivates key partnerships in Riyadh

Organised in partnership with the New Zealand Embassy, Gallagher Security hosted an event in Riyadh to explore business…
ASSA ABLOY

Electric locks are a vital component in digital access

To protect the important openings in their buildings, organizations need locks they can trust. This means more than just strength…
Tecnosicurezza

Tecnosicurezza Launches AmpliSec

Tecnosicurezza has launched AmpliSec – its first connected high-security electronic locking system designed specifically for safes…
Paxton

Paxton Employees Fundraising for Air Ambulance

Employees at the Brighton based security technology manufacturer Paxton have voted for their charity of the year
Scroll to Top